VID 22282
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The Icecast program, according to its version number, has a Header Buffer Overflow Vulnerability.
Icecast is an open-source mp3 broadcasting program for Windows and Unix-based operating systems. Icecast versions 2.0.1 and prior running on Microsoft Windows are vulnerable to a buffer overflow, caused by a failure of the application to properly enforce boundary conditions when dealing with user-supplied input data. By sending more than 31 headers in an HTTP request to Icecast, a remote attacker could overflow a buffer and execute arbitrary code on the system.

* Note: This check relies solely on the version number of the remote Icecast to assess this vulnerability, so this might be a false positive.

* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=10446
http://securitytracker.com/alerts/2004/Sep/1011439.html
http://aluigi.altervista.org/adv/iceexec-adv.txt

* Platforms Affected:
Icecast 2.0.1 and prior
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Icecast (2.0.2 or later), available from the Icecast Web site at http://www.icecast.org/download.php
Related URL CVE-2004-1561 (CVE)
Related URL 11271 (SecurityFocus)
Related URL 17538 (ISS)