exploit Shoutcast linux server v1.8.9


kata
15th July 2002, 18:43
Does everybody know there is an exploit for the Linux server v1.8.9?

Example:

SHOUTcast v1.8.9 remote exploit by eSDee of Netric
-----------------------------------(xxxxxxx)
Connected, sending code...
Ret: 0x08069687
Exploiting succesful.
---------------------------------------------------
Linux kata.xxxxxxx.nl 2.4.18 #1 SMP Fri Apr 19 00:16:03 CEST 2002 i586 unknown
uid=501(kata) gid=501(kata) groups=501(kata)

So if you run SHOUTcast as root you are pretty vulnerable.
Is there a fix for this?


kata

Tom
15th July 2002, 19:53
It's fixed in the upcoming 1.8.12 release, however you shouldn't be running it as root to begin with, it is unnecessary. Also for this exploit they need to know your admin password or broadcaster's password.

Tom

kata
15th July 2002, 20:34
Nope, you don't have to know the admin's passwd for this one, and exploits are mostly used to get ids.
Not to get root.
You really need to fix this, dude.
I just searched Google for shoutcast servers, and I found this exploit, that's really not good.

kata

kata
15th July 2002, 20:39
I really like this and the work you have done.
I hate dudes who just post exploits in public.
This program is very good and I like it very much, I'd like to start a server on Linux!
So I hope you will fix this soon.

kata

Tom
15th July 2002, 20:59
http://www.netric.org/advisories/netric-adv006.txt

It is only exploitable if you have the Password or AdminPassword (both from sc_serv.conf). This issue is fixed in 1.8.12.

Tom
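
The three points raised in this thread (release older than 1.8.12, daemon running as root, and the Password/AdminPassword values in sc_serv.conf) can be checked on a host with a short audit script. This is an added example, not part of the thread and not Nullsoft's code; the process name `sc_serv`, the caller-supplied version string and the config path argument are assumptions.

```shell
#!/bin/sh
# Added audit sketch (not from the thread). Assumptions: the daemon's process
# name is sc_serv and the installed version string is supplied by the caller.
# Usage after sourcing: audit <installed-version> <path-to-sc_serv.conf>

FIXED_VERSION="1.8.12"   # release the thread names as carrying the fix

# version_lt A B: succeed when dotted version A is older than B. Fields are
# compared numerically, so 1.8.9 < 1.8.12 (a plain string compare gets this wrong).
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# root_instances: read "USER COMMAND" lines (the shape of `ps -eo user=,comm=`)
# on stdin and print every sc_serv line owned by root.
root_instances() {
    awk '$1 == "root" && $2 == "sc_serv"'
}

# conf_exposed FILE: succeed when FILE is readable by group or others, which
# would hand Password/AdminPassword to other local accounts.
conf_exposed() {
    mode=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    case "$mode" in
        r*|???r*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit VERSION CONF: print one line per finding; exit status = number of findings.
audit() {
    findings=0
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "version $1 predates $FIXED_VERSION"; findings=$((findings + 1))
    fi
    if [ -n "$(ps -eo user=,comm= | root_instances)" ]; then
        echo "sc_serv is running as root"; findings=$((findings + 1))
    fi
    if [ -f "$2" ] && conf_exposed "$2"; then
        echo "$2 is readable beyond its owner"; findings=$((findings + 1))
    fi
    return "$findings"
}
```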