| VID |
22287 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Icecast program, according to its version number, has multiple buffer overflow vulnerabilities. Icecast is an open-source mp3 broadcasting program for Windows and Unix-based operating systems. Icecast versions 1.3.9 and earlier are vulnerable to multiple buffer overflows. These buffer overflows could allow a remote attacker to execute code with the privileges of the Icecast server (vulnerable versions normally run as root) or potentially deny service to legitimate users.
* Note: This check relies solely on the version number of the remote Icecast server to assess this vulnerability, so this might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2001-03/0162.html
* Platforms Affected: Icecast 1.3.9 and earlier; Linux (any version) |
| Recommendation |
Upgrade to the latest version of Icecast (1.3.12 or later), which fixes this issue, available from the Icecast Web site at http://svn.xiph.org/releases/icecast/
For Red Hat Powertools 7.0 and 7.1: Upgrade to the latest version of icecast (1.3.12-1 or later), as listed in Red Hat, Inc. Red Hat Security Advisory RHSA-2002:063-05 at http://rhn.redhat.com/errata/RHSA-2002-063.html
For Caldera OpenLinux Server 3.1 and 3.1.1: Upgrade to the latest version of icecast (1.3.12-1 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2002-020.0 at ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-020.0.txt
For Conectiva Linux 4.1, 4.2, 5.0, 5.1, and 6.0: Upgrade to the latest version of icecast (1.3.9-2cl or later), as listed in Conectiva Linux Security Announcement CLSA-2001:387 at http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000387
For Debian GNU/Linux 2.2 (potato): Upgrade to the latest version of icecast (1.3.10-1 or later), as listed in Debian Security Advisory DSA-089-2 at http://www.debian.org/security/2001/dsa-089
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2001-1230 (CVE) |
| Related URL |
4743 (SecurityFocus) |
| Related URL |
9246 (ISS) |
|