[icecast] (Fwd) [SA11578] Icecast Basic Authorization Denial of Service
Michael Smith
msmith at xiph.org
Thu May 13 03:15:43 UTC 2004
On Thursday 13 May 2004 00:35, Jack Moffitt wrote:
> > Anybody from the core can tell about the background and possible
> > fixes?
> >
> > TITLE:
> > Icecast Basic Authorization Denial of Service Vulnerability
>
> I'm all for full and immediate disclosure, but I feel like these people
> should at least send us a Cc: on these announcements. Isn't the point
> to get us to fix them? :)
>
> In any case, this is probably an easy fix.
>
> jack.
They did give us some up-front notice, and I fixed the bug (it's 'only' a
difficult-to-trigger DoS - I couldn't trigger it with the directions given),
nobody could use it to break into a system.
I meant to do the whole release thing as a result, but I've been tied up with
trying to find a new place to live. Sorry.
Mike
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Icecast
mailing list