Icecast Vulnerability

New (3.1.4)

Impact

A remote attacker could execute arbitrary code on the server.

Note: The red stoplight on this page indicates the highest possible severity level for this category of vulnerabilities. To determine the severity level in this case, refer to the colored dot next to the link to this tutorial on the previous page.

Background

Icecast is an open source streaming audio server. It is able to stream MP3 files to a variety of client types.

The Problem

A format string vulnerability in the print_client function could allow a remote attacker to overwrite memory at arbitrary addresses. This condition could be exploited to execute arbitrary commands on the server.

This vulnerability was corrected in icecast 1.3.8 beta 2 release 2. Prior versions of icecast are vulnerable.
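The bug class described above, shown as an added example in C; this is not icecast source code, and the body of print_client is not reproduced here. It places the unsafe pattern (client text used as the format string) beside the hardened form with a constant format, and adds a check that counts conversion specifiers in untrusted text. The function names and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; this is not icecast source code. */

#ifdef SHOW_UNSAFE
/* Unsafe pattern: the client-supplied string becomes the format string,
 * so any conversion specifiers in it are interpreted by snprintf. */
static int describe_client_unsafe(char *out, size_t n, const char *client_text)
{
    return snprintf(out, n, client_text);
}
#endif

/* Hardened form: constant format, client text passed only as an argument. */
static int describe_client_safe(char *out, size_t n, const char *client_text)
{
    return snprintf(out, n, "%s", client_text);
}

/* Count conversion specifiers in untrusted text ("%%" is a literal percent).
 * A non-zero result in a field that should be plain text is worth logging. */
static int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, skip both characters */
            s++;
            continue;
        }
        if (s[1] != '\0')       /* '%' followed by any other character */
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample input standing in for a client-supplied field. */
    const char *sample = "Player/1.0 %x %s 100%%";
    char buf[64];

    describe_client_safe(buf, sizeof buf, sample);
    printf("stored verbatim: %s\n", buf);
    printf("directives seen: %d\n", count_format_directives(sample));
    return 0;
}
```

Compiling with -Wformat -Wformat-security makes gcc and clang warn about the unsafe form when SHOW_UNSAFE is defined.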

Resolution

Upgrade to icecast 1.3.8 beta 2 release 2 or higher.

Where can I read more about this?

This vulnerability was posted to Bugtraq.