Icecast Vulnerability
Updated 4/12/02
CVE 2001-0197
CVE 2001-1083
CAN 2001-1229
CAN 2001-1230
CAN 2002-0177
Impact
A remote attacker could execute arbitrary code on the
server.
Background
Icecast is an open
source streaming audio server. It is able to stream
MP3 files to a variety of client types.
The Problem
Multiple buffer overflows could allow a remote
attacker to execute arbitrary commands by sending
specially crafted strings to the Icecast service.
These vulnerabilities have been corrected in icecast 1.3.12.
Prior versions of icecast are vulnerable.
Resolution
Upgrade to
icecast 1.3.12 or higher.
Where can I read more about this?
These vulnerabilities were posted to Bugtraq on
January 21, 2001, March 12, 2001,
March 13, 2001, and
April 2, 2002.