Category:   Application (Multimedia)  >   Icecast
Vendors:   Icecast.org
(Vendor Issues Fix) icecast Heap Overflow in Processing Basic Authentication Lets Remote Users Crash the Service
SecurityTracker Alert ID:  1010224
SecurityTracker URL:  http://securitytracker.com/id/1010224
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 19 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0.0
Description:   A heap overflow vulnerability was reported in icecast. A remote user can cause the icecast service to crash and may be able to execute arbitrary code on the target system [but code execution was not confirmed in the report].

ned reported that the flaw resides in the processing of a Base64-encoded HTTP Basic Authorization request. A remote user can send a specially crafted HTTP GET request to trigger the overflow and cause the target service to crash.

A demonstration exploit script is provided in the Source Message [it is Base64 encoded].

The vendor has reportedly been notified.

Impact:   A remote user can cause the target service to crash. A remote user may be able to execute arbitrary code [but that was not confirmed in the report].
Solution:   The vendor has issued a fixed version (2.0.1), available at:

http://www.icecast.org/download.php

Vendor URL:  www.icecast.org/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
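
The boundary error described above, in decoding Base64 Basic Authorization credentials, is avoided when the decoded size is checked against the destination buffer before any byte is written. The C routine below is an added example, not icecast's code or the vendor's fix; the names `b64_val` and `basic_auth_decode` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Map one Base64 character to its 6-bit value, or -1 if invalid. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode the credentials of a "Basic <base64>" header value into out
 * (capacity out_cap, terminating NUL included). Returns the decoded
 * length, or -1 on malformed or oversized input (out is then untouched). */
long basic_auth_decode(const char *hdr, char *out, size_t out_cap)
{
    static const char scheme[] = "Basic ";
    size_t n, i, o = 0, pad = 0;

    if (!hdr || !out || out_cap == 0) return -1;
    if (strncmp(hdr, scheme, sizeof scheme - 1) != 0) return -1;
    hdr += sizeof scheme - 1;
    n = strlen(hdr);
    if (n == 0 || n % 4 != 0) return -1;
    if (hdr[n - 1] == '=') pad = (hdr[n - 2] == '=') ? 2 : 1;
    /* Bounds check on the decoded size, done before the first write. */
    if (n / 4 * 3 - pad >= out_cap) return -1;

    for (i = 0; i < n; i += 4) {
        int v[4], k;
        unsigned long w;
        size_t take = (i + 4 == n) ? 3 - pad : 3;
        for (k = 0; k < 4; k++) {
            /* Only the trailing pad positions may hold '='. */
            v[k] = (i + k >= n - pad) ? 0 : b64_val((unsigned char)hdr[i + k]);
            if (v[k] < 0) return -1;
        }
        w = (unsigned long)v[0] << 18 | v[1] << 12 | v[2] << 6 | v[3];
        for (k = 0; (size_t)k < take; k++)
            out[o++] = (char)(w >> (16 - 8 * k) & 0xFF);
    }
    out[o] = '\0';
    return (long)o;
}
```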

Message History:   This archive entry is a follow-up to the message listed below.
May 10 2004 icecast Heap Overflow in Processing Basic Authentication Lets Remote Users Crash the Service



 Source Message Contents

Subject:  http://www.xiph.org/archives/icecast/7144.html


http://www.xiph.org/archives/icecast/7144.html

From: oddsock
Date: Wed 12 May 2004 - 16:53:34 EDT

This patch release fixes an overflow buffer which can cause server crashes
under certain circumstances. This release contains ONLY the fix for this
issue. We are still targeting a 2.1.0 release with new features and
functionality in the near future.

Download the new release at the icecast.org download page:
http://www.icecast.org/download.php

oddsock
