| VID |
22288 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Icecast program, according to its version number, has an 'Client_login()' Buffer Overflow Vulnerability.
Icecast is an open-source mp3 broadcasting program for Windows and Unix-based operating systems. Icecast versions 1.3.11 and earlier are vulnerable to a buffer overflow in the client_login() function, caused by properly checking bounds on data sent from clients. By sending an overly long HTTP request containing 8000 bytes or more, a remote attacker could overflow a buffer and gain root privileges on the server.
* Note: This check solely relied on the version number of the remote Icecast to assess this vulnerability, so this might be a false positive.
* References:
http://securitytracker.com/alerts/2002/Apr/1003952.html
* Platforms Affected:
Icecast 1.3.11 and prior
Linux Any version |
| Recommendation |
Upgrade to the latest version of Icecast (1.3.12 or later) fixed this issue, available from the Icecast Web site at http://svn.xiph.org/releases/icecast/
For Red Hat Powertools 7.0 and 7.1:
Upgrade to the latest version of icecast (1.3.12-1 or later), as listed in Red Hat Security Advisory RHSA-2002:063-05 at http://rhn.redhat.com/errata/RHSA-2002-063.html
For Caldera OpenLinux Server 3.1 and 3.1.1:
Upgrade to the latest version of icecast (1.3.12-1 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2002-020.0 at ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-020.0.txt
For other distributions:
Contact your vendor for upgrade or patch information. |
| Related URL |
CVE-2002-0177 (CVE) |
| Related URL |
4415 (SecurityFocus) |
| Related URL |
8741 (ISS) |
|
