[icecast] Full analysis of the remotely exploitable icecast 1.3.x bugs
dizznutt at my.security.nl
Sat Apr 6 10:24:38 UTC 2002
Hello Icecast folks,

Attached is an analysis I slapped together detailing the exact specifics
of the bug that is exploited with the icecast exploit I disclosed earlier
this week. Furthermore, it details another remotely exploitable bug. I sent
this to team at icecast.org and to Jack Moffitt, but have not received a response
as of yet. So if people, like I noticed in the icecast at xiph.org list, are
weary of applying the temporary greater than 8000 bytes string check patch
to client.c (which makes sure you have a 192 byte buffer left for your server
hostname and stream port, and would thus catch pretty much all possible
attacks using said bugs), they can have a look at this analysis and apply
temporary fixes themselves until the Icecast dev team sees fit to release
official patches.

Oh, and in response to the "I know how to get passwords on a default install":
isn't that just doable by going to http://example.icecast.server:8000/admin
right after a default install?

If this list does not allow attachments, you can also find said analysis
at:
http://online.securityfocus.com/archive/1/265719

Oh, and if people want to test their local systems against this bug, you
can acquire the exploit at:
(it should be noted that this version of the exploit is just meant for linux
x86 targets. This does not mean this bug is not exploitable on other platforms)
http://www.packetstormsecurity.nl/filedesc/icx.c.html

ltr,
diz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icecast.txt
Type: application/octet-stream
Size: 4808 bytes
Desc: icecast.txt
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20020406/885b462f/attachment.obj>