[Icecast] [Fwd: IceCast up to v2.20 multiple vulnerabilities]

Stauf stauf at freshcheese.net
Mon Mar 21 08:27:34 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Smith wrote:
>>1) The XSL parser has some unchecked buffers (local), but they dont seem
>>to be exploitable. If they are, they can be used for priviledge
>>escalation, under the user that the server runs.
>>
>><xsl:when test="<lots of chars>"></xsl:when>
>><xsl:if test="<lots of chars>"></xsl:if>
>><xsl:value-of select="<lots of chars>" />
>>
>>2) Cause XSL parser error "Could not parse XSLT file". (Not very useful).
>>
>>GET /status.xsl> HTTP/1.0
>>GET /status.xsl< HTTP/1.0
>>GET /<status.xsl HTTP/1.0
>>
>>3) XSL parser bypass. (Useful to steal customized XSL files, lol).
>>
>>GET /auth.xsl. HTTP/1.0
>>GET /status.xsl. HTTP/1.0
> 
> 
> 
> For what it's worth, 2) and 3) aren't reproducible with the current
> version (from svn). To my knowledge, there have been no relevant
> changes here since 2.2, I'd be very surprised if they were
> reproducible with 2.2 (or earlier?), but I don't really have the time
> to test. I still don't know what 1) is about, so I'm not sure if that
> matters.
> 
> Mike

Well, to be perfectly blunt, when I read this "security" post on
bugtraq, I didn't know if I should laugh or cry.  I had an inkling no
one has been contacted on the list, and frankly it looks like someone is
trying to get their name on bugtraq with another uselessly vague "OMG
LOL zer0 day1@#$" worded mail.

If the poster had even included some poc code, or some suggestions about
why he precieved things to be exploits I would take it seriously. Here,
since I see nothing of the sort, I'm shrugging this one off.

Thanks for the great job guys, keep it up.
- --


| " Yesterday upon the stair I met a man who wasn't there.
|   He wasn't there again today. I wish that man would go away."
|                   <[Hughes Mearns]>
| Latest Public Key: http://www.freshcheese.net/~stauf/stauf.gpg
- -----------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCPoV2es/ougteP9sRAhx6AKDBZClLojNiKlanWqaAP1LbmP30hwCgz2En
8JwhUDRvEc59mOLEjk83qV8=
=SwiD
-----END PGP SIGNATURE-----



More information about the Icecast mailing list