[icecast] (Fwd) [SA11578] Icecast Basic Authorization Denial of Service

Michael Smith msmith at xiph.org
Thu May 13 03:15:43 UTC 2004



On Thursday 13 May 2004 00:35, Jack Moffitt wrote:
> > Anybody from the core can tell about the background and possible
> > fixes?
> >
> > TITLE:
> > Icecast Basic Authorization Denial of Service Vulnerability
>
> I'm all for full and immediate disclosure, but I feel like these people
> should at least send us a Cc: on these announcements.  Isn't the point
> to get us to fix them? :)
>
> In any case, this is probably an easy fix.
>
> jack.

They did give us some up-front notice, and I fixed the bug (it's 'only' a 
difficult-to-trigger DoS - I couldn't trigger it with the directions given), 
nobody could use it to break into a system. 

I meant to do the whole release thing as a result, but I've been tied up with 
trying to find a new place to live. Sorry.

Mike

--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.



More information about the Icecast mailing list