Info

Disclosure

Sep 28, 2004

Discovery

Unknown

Dates

Exploit

Sep 28, 2004

Solution

Unknown

Description

A remote overflow exists in Icecast Server. The Server fails to properly boundary check in the parsing of HTTP headers resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Icecast	Icecast Server	2.0.0
		2.0.1

References

Secunia Advisory ID: 12666
CVE ID: 2004-1561 (see also: NVD)
Other Advisory URL: http://aluigi.altervista.org/adv/iceexec-adv.txt

Credit

Luigi Auriemma - aluigialtervista.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218