Icecast Vulnerability
New (3.1.4)
Impact
A remote attacker could execute arbitrary code on the
server.
Note: The red stoplight on this page indicates
the highest possible severity level for this category
of vulnerabilities. To determine the severity level in
this case, refer to the colored dot next to the link to
this tutorial on the previous page.
Background
Icecast is an open source streaming audio server. It is
able to stream MP3 files to a variety of client types.
The Problem
A format string vulnerability in the print_client
function could allow a remote attacker to overwrite
memory at arbitrary addresses. This condition could be
exploited to execute arbitrary commands on the server.
This vulnerability was corrected in icecast 1.3.8 beta 2
release 2. Prior versions of icecast are vulnerable.
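
The bug class described above, as an added example that is not icecast's own code: the vulnerable call is shown only in a comment, next to a hardened form that keeps the format string constant, plus a small audit helper. The names format_client_line and count_directives and the sample input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a routine that reports a connected client.
 * Vulnerable pattern (shown only as a comment, never compiled):
 *     snprintf(out, outlen, client_supplied);    // input used AS the format
 * Every %x, %s or %n the client sends is then interpreted by printf. */

/* Hardened form: the format is a constant; client text is only an argument. */
int format_client_line(char *out, size_t outlen, int id, const char *client_supplied)
{
    return snprintf(out, outlen, "client %d: %s", id, client_supplied);
}

/* Audit helper: count printf conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. *has_n is set when a
 * %n directive (the one that writes to memory) is present. */
int count_directives(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') { i++; continue; }      /* escaped percent */
        size_t j = i + 1;
        /* skip flags, width, precision, positional '$' and length modifiers */
        while (s[j] != '\0' && strchr("-+ #0123456789.*$hlLqjzt", s[j]) != NULL)
            j++;
        if (s[j] != '\0' && strchr("diouxXeEfFgGaAcspn", s[j]) != NULL) {
            count++;
            if (s[j] == 'n')
                *has_n = 1;
            i = j;
        }
    }
    return count;
}

int main(void)
{
    /* Constructed sample input, not taken from any real request. */
    const char *sample = "player/1.0 %x%x %n 100%%";
    char line[128];
    int has_n;
    format_client_line(line, sizeof line, 7, sample);
    printf("%s\ndirectives=%d has_n=%d\n", line, count_directives(sample, &has_n), has_n);
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang warn about calls whose format argument is not a string literal, which is the pattern in the comment.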
Resolution
Upgrade to icecast 1.3.8 beta 2 release 2 or higher.
Where can I read more about this?
This vulnerability was posted to Bugtraq.