SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Multimedia)  >   Icecast Vendors:   Icecast.org
Icecast Streaming Audio Server Can Execute Arbitrary Code
SecurityTracker Alert ID:  1001092
SecurityTracker URL:  http://securitytracker.com/id/1001092
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 15 2001
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): All versions prior to Icecast 1.3.9 and Libshout 1.0.4
Description:   Several vulnerabilities have been reported in Icecast, a streaming audio package, in which a remote user can cause Icecast to execute arbitrary code on the Icecast host.

The Libshout package is also affected.

All versions prior to Icecast 1.3.9 and Libshout 1.0.4 are vulnerable.
Impact:   An attacker can cause arbitrary code to be executed on the Icecast server with the privileges of the Icecast program.
Solution:   Patched versions of these packages are available from the vendor.
Vendor URL:  www.icecast.org (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Additional Bugs Found (Re: Icecast Streaming Audio Server Can Execute Arbitrary Code)   (John Viega <viega@LIST.ORG>)
The vendor announces additional vulnerabilities and a new release to fix those bugs.
(FreeBSD Issues Updated Fix) Re: Icecast Streaming Audio Server Can Execute Arbitrary Code   (FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>)
The vendor notes that all versions prior to 1.3.10 are vulnerable (not just prior to 1.3.9, as was previously reported).
(Debian Issues Fix) Icecast Streaming Audio Server Can Execute Arbitrary Code   (Wichert Akkerman <wichert@wiggy.net>)
Debian has released a fix.


 Source Message Contents
Date:  Mon, 12 Mar 2001 01:39:27 -0500
Subject:  Icecast / Libshout remote vulnerabilities


--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

We have found numerous remotely exploitable buffer overflows in both
Icecast and Libshout, two popular packages for streaming audio.  All
users of these packages are urged to upgrade immediately.

Patched versions of these packages are available as of March 11, 2001
from www.icecast.org.  All versions prior to Icecast 1.3.9 and
Libshout 1.0.4 are vulnerable.

Matt Messier (mmessier@prilnari.com)
John Viega (viega@list.org)  

--bg08WKrSYDhXBjb5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6rG8e6G5NxBeqKQ4RAv3AAJ4o0pbbCI/KXmklE6UeX1s7gkmWwQCfXsmQ
9g1CUma55F994ol2GsaFZoo=
=Par7
-----END PGP SIGNATURE-----

--bg08WKrSYDhXBjb5--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC