icecast Heap Overflow in Processing Basic Authentication Lets Remote Users Crash the Service
SecurityTracker Alert ID: 1010101|
SecurityTracker URL: http://securitytracker.com/id/1010101
(Links to External Site)
Date: May 10 2004
Denial of service via network, Execution of arbitrary code via network, User access via network|
Exploit Included: Yes |
A heap overflow vulnerability was reported in icecast. A remote user can cause the icecast service to crash and may be able to execute arbitrary code on the target system [but code execution was not confirmed in the report].|
ned reported that the flaw resides in the processing of Base64 HTTP Basic Authorization request. A remote user can send a specially crafted HTTP GET request to trigger the overflow and cause the target service to crash.
A demonstration exploit script is provided in the Source Message [it is Base64 encoded].
The vendor has reportedly been notified.
A remote user can cause the target service to crash. A remote user may be able to execute arbitrary code [but that was not confirmed in the report].|
No solution was available at the time of this entry.|
Vendor URL: www.icecast.org/ (Links to External Site)
Linux (Any), UNIX (Any), Windows (Any)|
This archive entry has one or more follow-up message(s) listed below.|
Source Message Contents
Date: Sun, 9 May 2004 05:56:32 -0700 (PDT)|
Subject: [Full-Disclosure] Icecast 2.0.0 preauth overflow
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to firstname.lastname@example.org for more info.
Content-Type: TEXT/PLAIN; charset=US-ASCII
There exists a remotely exploitable heap overflow in Icecast 2.0.0.
The bug exists in the handling of base64 Authorization request.
This bug was found in about 40 seconds during a HTTP audit of the web
component of Icecast with the fuzzer SMUDGE
People complained that the last Icecast bugs weren't preauth. This one is.
Attached is a simple python script to reproduce the bug on the Windows
platform. Our tests confirmed that some tweaking will crash linux version
although this was not verified by the Icecast team.
Vendor == notified.
On another note tis signifies the first release from the UBC.
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="CAKEICING.py"
Content-Disposition: attachment; filename="CAKEICING.py"
Full-Disclosure - We believe in it.