CVE-2008-2040

Name of the Vulnerable Software and Affected Versions: gnome-peercast versions 0.1218

Description: The issue concerns multiple vulnerabilities in the gnome-peercast package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A specific vulnerability is a stack-based buffer overflow in the HTTP::getAuthUserPass function, located in core/common/http.cpp, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication string with a long username or password.

Recommendations: For gnome-peercast version 0.1218, consider disabling the HTTP::getAuthUserPass function as a temporary workaround until a patch is available. Restrict access to the core/common/http.cpp module to minimize the risk of exploitation. Avoid using long username or password in the Basic Authentication string for the affected API endpoint until the issue is resolved.