CVE-2006-3534 Information

Description

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding which allows remote attackers to read arbitrary files via encoded dot dot (2E2E) sequences in an HTTP GET request for a file path containing /content.

Reference

http://bugs.gentoo.org/show_bug.cgi?id=136721 http://people.ksp.sk/~goober/advisory/001-shoutcast.html http://secunia.com/advisories/20524 http://security.gentoo.org/glsa/glsa-200607-05.xml http://securitytracker.com/id?1016493 http://www.shoutcast.com/news http://www.vupen.com/english/advisories/2006/2801