[icecast] [dizznutt at my.security.nl: [Secure] Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11]

un at dom.de un at dom.de
Tue Apr 9 14:29:01 UTC 2002


hi,

don't know whether this is already covered in the list,
sorry if it's old news...
is there any 1.3.11 bugfix release out there? can't find things
on icecast.org

attached the email from bugtraq.

best, uno

<p>

<strong>attached mail follows:</strong><hr noshade>



Hello,

Attached is a full analysis to accompany the earlier disclosed remote root/shell 
exploit for the Icecast mp3 streaming server. It also details some other 
exploitable bugs besides the one that is exploited with the supplied exploit 
and thus I believe has posting value. This write-up was mainly meant to 
aid the icecast developers in locating and eliminating the exact problems,
 but I can imagine it would be of some value to other interested parties 
as well.

ltr,
diz - #temp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icecast.txt
Type: application/octet-stream
Size: 4808 bytes
Desc: icecast.txt
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20020409/9b81fe24/attachment.obj>


More information about the Icecast mailing list