[icecast] Fwd: Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/? (fwd)

Rick Franchuk rickf at transpect.net
Fri Aug 3 16:16:21 UTC 2001

Hey guys,

  Maybe a little OT, but I thought some of you might like to see this
(originally on bugtraq)...

---------- Forwarded message ----------
Vendor   :  Nullsoft
Product  :   SHOUTcast Server 1.8.2 Linux/win32/?
Date     :  01/08/2001


1. Overview
2. Details
3. Systems
4. Denial of Service
5. Vendor Response

1. Overview:

SHOUTcast Server is a streaming audio server. A "bad" client request can
crash the server.

2. Details

The server crashes when it gets, seven times (approx.), a very long buffer
(4 KB) in the fields User-Agent and Host in the client HTTP request.

3. Systems

    - SHOUTcast Server 1.8.2 ( Linux )
    - SHOUTcast Server 1.8.2 ( Win32 )
    - SHOUTcast Server 1.8.2 ( Others ) ( No test )

4. DoS

The DoS in C format is attached.

5. Vendor Response

31/08/01: Sent problem to tom at nullsoft.com

03/08/01: No response from tom at nullsoft.com
                Sent problem to bugtraq at securityfocus.com
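
A defensive counterpart to the advisory above, as an added example (not code from the advisory, the poster, or SHOUTcast): a server-side check that caps each request header line and the whole header block, so an oversized User-Agent or Host field is rejected before any further parsing. The limits, the status names and the `radio.example` host are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits (not from the advisory); tune per deployment. */
#define MAX_HEADER_LINE  1024  /* bytes per line, excluding CRLF */
#define MAX_HEADER_BLOCK 8192  /* request line plus all headers */
enum hdr_status { HDR_OK, HDR_INCOMPLETE, HDR_LINE_TOO_LONG,
                  HDR_BLOCK_TOO_LARGE, HDR_MALFORMED };

/* Validate buf[0..len) in place. HDR_OK means a complete, bounded header
 * block ending in an empty line; *consumed is then its size in bytes. */
enum hdr_status check_request_headers(const char *buf, size_t len, size_t *consumed)
{
    size_t pos = 0, lines = 0;
    while (pos < len) {
        const char *nl = memchr(buf + pos, '\n', len - pos);
        if (nl == NULL) {  /* unterminated line: fail early, do not keep buffering */
            if (len - pos > MAX_HEADER_LINE + 1) return HDR_LINE_TOO_LONG;
            return len > MAX_HEADER_BLOCK ? HDR_BLOCK_TOO_LARGE : HDR_INCOMPLETE;
        }
        size_t line_len = (size_t)(nl - (buf + pos));
        size_t next = pos + line_len + 1;
        if (line_len > 0 && nl[-1] == '\r') line_len--;  /* strip CR of CRLF */
        if (line_len > MAX_HEADER_LINE) return HDR_LINE_TOO_LONG;
        if (next > MAX_HEADER_BLOCK) return HDR_BLOCK_TOO_LARGE;
        if (line_len == 0) {  /* empty line terminates the block */
            if (lines == 0) return HDR_MALFORMED;  /* no request line */
            *consumed = next;
            return HDR_OK;
        }
        if (lines > 0 && memchr(buf + pos, ':', line_len) == NULL)
            return HDR_MALFORMED;  /* header field without a colon */
        lines++;
        pos = next;
    }
    return HDR_INCOMPLETE;
}

/* Constructed sample: a request whose User-Agent value is ua_len bytes. */
enum hdr_status check_with_user_agent(size_t ua_len)
{
    static char req[16384], ua[8192];
    size_t used = 0;
    if (ua_len >= sizeof ua) return HDR_MALFORMED;
    memset(ua, 'A', ua_len);
    ua[ua_len] = '\0';
    int n = snprintf(req, sizeof req,
        "GET / HTTP/1.0\r\nHost: radio.example\r\nUser-Agent: %s\r\n\r\n", ua);
    return check_request_headers(req, (size_t)n, &used);
}
```

A server would answer any status other than `HDR_OK` or `HDR_INCOMPLETE` with an error response and close the connection.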
