PT-2005-5250 · Unknown · Electric Sheep

Daniel Guido +1 · Published 2005-12-29 · Updated 2018-10-19 · CVE-2005-4582

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Electric Sheep version 2.6.3

Description

The issue allows remote attackers to download and display arbitrary MPEG movie files. This can be achieved through various means, including DNS spoofing, a URL on the command line, or a URL in the configuration file. The attack vectors are similar to those applicable to common web browsers communicating with untrusted web servers, which may indicate a broader issue related to DNS design. However, a client would reasonably expect to receive content only from the server.

Recommendations

For Electric Sheep version 2.6.3, consider implementing authentication and integrity checks from the server to the client to prevent remote attackers from downloading and displaying arbitrary MPEG movie files. As a temporary workaround, restrict the ability to load content from untrusted sources, such as those obtained through DNS spoofing or unverified URLs.
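
A sketch of the client-side checks the recommendation describes, added here as an example and not Electric Sheep's own code: the URL must be https on an allowlisted host, and the downloaded bytes must match a SHA-256 digest from a server manifest. The host name, the manifest format and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: placeholder host name for the server the client trusts.
TRUSTED_HOSTS = {"sheep-server.example"}


def source_allowed(url, trusted_hosts=TRUSTED_HOSTS):
    """Accept only https:// URLs whose exact host is on the allowlist.

    Requiring https (with certificate validation in the fetch layer) means a
    spoofed DNS answer alone cannot impersonate the server.
    """
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return parts.scheme == "https" and host in trusted_hosts


def digest_matches(data, expected_sha256):
    """Constant-time comparison of the payload's SHA-256 with the expected hex."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())


def accept_download(url, data, manifest):
    """Decide whether downloaded bytes may be handed to the movie player.

    manifest: dict of URL -> SHA-256 hex, assumed to come from the server over
    an authenticated channel (hypothetical format).
    """
    if not source_allowed(url):
        return "rejected: untrusted source"
    expected = manifest.get(url)
    if expected is None:
        return "rejected: not in manifest"
    if not digest_matches(data, expected):
        return "rejected: digest mismatch"
    return "accepted"


# Constructed sample data, not taken from the advisory.
GOOD_URL = "https://sheep-server.example/gen/0001.mpg"
GOOD_BYTES = b"\x00\x00\x01\xba constructed sample movie bytes"
MANIFEST = {GOOD_URL: hashlib.sha256(GOOD_BYTES).hexdigest()}
```

The same gate applies whether the URL came from the command line, the configuration file or a server response, since all three are named as vectors in the description.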


Related identifiers

CVE-2005-4582

Affected products

Electric Sheep