Description
This indicates an attempt to exploit a buffer overflow vulnerability in the Icecast server.
Icecast is an audio broadcast system that streams music in both MP3 and Ogg Vorbis formats. A reported vulnerability in it may allow an attacker to execute arbitrary code on the vulnerable system. It is caused by the application's failure to bounds-check user HTTP requests. To exploit it, an attacker may send a specially crafted HTTP request with more than 31 headers to overflow buffers and execute arbitrary code on the affected system.

Impact
Compromise of the affected system.

Affected Products
Icecast 2.0.1 and earlier versions.

Aliases
Icecast.Http.Header.Overflow.A
Icecast.Http.Header.Overflow.B

References
http://www.securityfocus.com/bid/11271
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-1561
http://aluigi.altervista.org/adv/iceexec-adv.txt

Recommended Actions
Upgrade to Icecast 2.0.2 or later versions from the following URL: http://svn.xiph.org/releases/icecast/
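
Added example (not part of the original advisory, and not vendor or Icecast code): a header-count check for the condition given under Description, flagging a raw HTTP request that carries more than 31 header lines. The function names and sample requests are constructed, and counting every non-empty line as a header is an assumption.

```python
# Added example, not vendor or Icecast code. The threshold of 31 comes from the
# advisory text; function names and sample requests are constructed.

MAX_HEADERS = 31  # advisory: a request with more than 31 headers is the trigger


def count_header_lines(raw: bytes) -> int:
    """Count header lines in a raw HTTP request.

    Assumption: every non-empty line between the request line and the first
    blank line counts, including malformed and folded lines, because the page
    does not say how the vulnerable parser treats them and over-counting is
    the safe side for a detector.
    """
    text = raw.replace(b"\r\n", b"\n").lstrip(b"\n")  # tolerate bare LF, leading blanks
    head = text.split(b"\n\n", 1)[0]  # ignore the body; a truncated head is used whole
    return sum(1 for line in head.split(b"\n")[1:] if line.strip())


def is_header_overflow_attempt(raw: bytes) -> bool:
    return count_header_lines(raw) > MAX_HEADERS


def make_request(n_headers: int, body: bytes = b"", eol: bytes = b"\r\n") -> bytes:
    """Build a constructed sample request with n_headers filler headers."""
    lines = [b"GET /stream.ogg HTTP/1.0"]
    lines += [b"X-Sample-%d: a" % i for i in range(n_headers)]
    return eol.join(lines) + eol + eol + body


SAMPLES = {
    "typical client": make_request(3),
    "exactly at limit": make_request(31),
    "one over limit": make_request(32),
    "one over, bare LF": make_request(32, eol=b"\n"),
    "many-line body, few headers": make_request(2, body=b"a\n" * 40),
    "truncated, no blank line": make_request(40)[:-4],
}


def scan(samples=SAMPLES):
    """Return {label: (header_count, flagged)} for each sample request."""
    return {k: (count_header_lines(v), is_header_overflow_attempt(v))
            for k, v in samples.items()}

if __name__ == "__main__":
    for label, (n, flagged) in scan().items():
        print(f"{label:30} headers={n:3} {'ALERT' if flagged else 'ok'}")
```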