SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Icecast Vendors:   Icecast.org
Icecast Streaming Audio Server Can Execute Arbitrary Code
SecurityTracker Alert ID:  1001092
SecurityTracker URL:  http://securitytracker.com/id/1001092
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 15 2001
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): All versions prior to Icecast 1.3.9 and Libshout 1.0.4
Description:   Several vulnerabilities have been reported in Icecast, a streaming audio package, in which a remote user can cause Icecast to execute arbitrary code on the Icecast host.

The Libshout package is also affected.

All versions prior to Icecast 1.3.9 and Libshout 1.0.4 are vulnerable.

Impact:   An attacker can cause arbitrary code to be executed on the Icecast server with the privileges of the Icecast program.
Solution:   Patched versions of these packages are available from the vendor.
Vendor URL:  www.icecast.org (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Additional Bugs Found (Re: Icecast Streaming Audio Server Can Execute Arbitrary Code)
The vendor announces additional vulnerabilities and a new release to fix those bugs.
(FreeBSD Issues Updated Fix) Re: Icecast Streaming Audio Server Can Execute Arbitrary Code
The vendor notes that all versions prior to 1.3.10 are vulnerable (not just prior to 1.3.9, as was previously reported).
(Debian Issues Fix) Icecast Streaming Audio Server Can Execute Arbitrary Code
Debian has released a fix.



 Source Message Contents

Subject:  Icecast / Libshout remote vulnerabilities


--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

We have found numerous remotely exploitable buffer overflows in both
Icecast and Libshout, two popular packages for streaming audio.  All
users of these packages are urged to upgrade immediately.

Patched versions of these packages are available as of March 11, 2001
from www.icecast.org.  All versions prior to Icecast 1.3.9 and
Libshout 1.0.4 are vulnerable.

Matt Messier (mmessier@prilnari.com)
John Viega (viega@list.org)  

--bg08WKrSYDhXBjb5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6rG8e6G5NxBeqKQ4RAv3AAJ4o0pbbCI/KXmklE6UeX1s7gkmWwQCfXsmQ
9g1CUma55F994ol2GsaFZoo=
=Par7
-----END PGP SIGNATURE-----

--bg08WKrSYDhXBjb5--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC