| Last Updated Date | May 29, 2008 |
| Release Date | Jun 24, 2005 |
| Severity | High |
| Impact | Compromise of the affected system. |
| Description | This indicates an attempt to exploit a buffer overflow vulnerability in Icecast server.
Icecast is an audio broadcast system that streams music in both MP3 and Ogg Vorbis formats. A vulnerability is reported in it that may allow an attacker to execute arbitrary code on the vulnerable system. This is due to the application's failure to bounds check user HTTP requests. When exploiting this, an attacker may send a specially crafted HTTP request with more than 31 headers to overflow buffers and execute arbitrary code on the affected system. |
| Affected Products | Icecast 2.0.1 and earlier versions. |
| Recommended Actions | Upgrade to Icecast 2.0.2 or later versions from the following URL:
http://svn.xiph.org/releases/icecast/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-1561
|
| Reference/s | http://www.securityfocus.com/bid/11271 (BugTraq)
http://aluigi.altervista.org/adv/iceexec-adv.txt
|