VID 22284
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description According to its version number, the remote Icecast server has a Basic Authentication buffer overflow vulnerability.
Icecast is an open-source MP3 broadcasting program for Windows and Unix-based operating systems. Icecast version 2.0.0 is vulnerable to a heap-based buffer overflow caused by improper processing of a base64 authentication request. By sending a specially crafted base64 authorization request, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system or cause the system to crash.

* Note: This check relies solely on the version number of the remote Icecast server to assess this vulnerability, so the result might be a false positive.

* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=6075
http://securitytracker.com/alerts/2004/May/1010101.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0378.html

* Platforms Affected:
Icecast 2.0.0
Linux Any version
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Icecast (2.1.0 or later), available from the Icecast Web site at http://www.icecast.org/download.php
Related URL CVE-2004-2027 (CVE)
Related URL 10311 (SecurityFocus)
Related URL 16103 (ISS)