CVE-2004-1741

music_daemon 0.0.3 - Denial of Service via LOAD and SHOWLIST Commands

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1741. PoCs published by Tal0n.

AI-analyzed exploit summary This exploit leverages an authentication bypass in MusicDaemon <= 0.0.3 to either steal the /etc/shadow file or crash the service via a DoS. It sends specific commands (LOAD, SHOWLIST) to the daemon, which runs as root by default.

Description

Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tal0n · cremotelinux
https://www.exploit-db.com/exploits/413

This exploit leverages an authentication bypass in MusicDaemon <= 0.0.3 to either steal the /etc/shadow file or crash the service via a DoS. It sends specific commands (LOAD, SHOWLIST) to the daemon, which runs as root by default.

Classification
Working Poc 100%
Attack Type
Info Leak | Dos
Complexity
Trivial
Reliability
Reliable
Target: MusicDaemon <= 0.0.3
No auth needed
Prerequisites: MusicDaemon running as root · Network access to the target port
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Patch x_refsource_confirm
http://musicdaemon.sourceforge.net/
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109329098806595&w=2
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11006
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17068
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1011025

Scores

EPSS 0.0699
EPSS Percentile 93.3%

Details

Status published
Products (3)
music_daemon/music_daemon 0.1
music_daemon/music_daemon 0.2
music_daemon/music_daemon 0.3
Published Aug 23, 2004
Tracked Since Feb 18, 2026