[icecast] Full analysis of the remotely exploitable icecast 1.3.x bugs

Carl Karsten carl at personnelware.com
Mon Apr 8 18:00:20 PDT 2002

> Oh and in response to the "I know how to get passwords on a default install".
> Isn't that just doable by going to http://example.icecast.server:8000/admin
> right after a default install?

Correct.  I tried it on one other server, got the list of sets, reported it, and have yet to find a 3rd server.  after about the 5th
attempt, I gave up trying.


<p>--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Icecast mailing list