Icecast Vulnerability
Updated 3/27/01
CVE 2001-0197
Impact
A remote attacker could execute arbitrary code on the
server.
Background
Icecast is an open
source streaming audio server. It is able to stream
MP3 files to a variety of client types.
The Problem
Multiple buffer overflows could allow a remote
attacker to execute arbitrary commands by sending
specially crafted strings to the Icecast service.
These vulnerabilities have been corrected in icecast 1.3.10.
Prior versions of icecast are vulnerable.
Resolution
Upgrade to
icecast 1.3.10 or higher.
Where can I read more about this?
These vulnerabilities were posted to Bugtraq on
January 21, 2001, March 12, 2001,
and March 13, 2001.