[Icecast] [Fwd: IceCast up to v2.20 multiple vulnerabilities]
mlrsmith at gmail.com
Sun Mar 20 17:24:05 PST 2005
> 1) The XSL parser has some unchecked buffers (local), but they dont seem
> to be exploitable. If they are, they can be used for priviledge
> escalation, under the user that the server runs.
> <xsl:when test="<lots of chars>"></xsl:when>
> <xsl:if test="<lots of chars>"></xsl:if>
> <xsl:value-of select="<lots of chars>" />
> 2) Cause XSL parser error "Could not parse XSLT file". (Not very useful).
> GET /status.xsl> HTTP/1.0
> GET /status.xsl< HTTP/1.0
> GET /<status.xsl HTTP/1.0
> 3) XSL parser bypass. (Useful to steal customized XSL files, lol).
> GET /auth.xsl. HTTP/1.0
> GET /status.xsl. HTTP/1.0
For what it's worth, 2) and 3) aren't reproducible with the current
version (from svn). To my knowledge, there have been no relevant
changes here since 2.2, I'd be very surprised if they were
reproducible with 2.2 (or earlier?), but I don't really have the time
to test. I still don't know what 1) is about, so I'm not sure if that
More information about the Icecast