Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CSSA-2002-020.0-Linux: icecast buffer overflows and denial-of-service

CSSA-2002-020.0-Linux: icecast buffer overflows and denial-of-service

by Nikola Strahija on May 14th, 2002 Buffer overflows in the icecast server allow remote attackers to execute arbitrary code via a long HTTP GET request, as well as allowing denial of service attacks.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to icecast-1.3.12-1.i386.rpm

OpenLinux 3.1 Server prior to icecast-1.3.12-1.i386.rpm


3. Solution

The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

83407efa0c40a9ceac02606ae37237f2 icecast-1.3.12-1.i386.rpm

4.3 Installation

rpm -Fvh icecast-1.3.12-1.i386.rpm

4.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

d55ff1702ff28781cf097566e34c91c5 icecast-1.3.12-1.src.rpm


5. OpenLinux 3.1 Server

5.1 Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

5.2 Packages

acd0d312bcb7679c205eb5305d7d4585 icecast-1.3.12-1.i386.rpm

5.3 Installation

rpm -Fvh icecast-1.3.12-1.i386.rpm

5.4 Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

5.5 Source Packages

b36bf262d34fb88e9a00b695b024916e icecast-1.3.12-1.src.rpm


6. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0177

Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html

Caldera UNIX security resources:
http://stage.caldera.com/support/security/

This security fix closes Caldera incidents sr863781, fz520848
and erg712036.


7. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.


8. Acknowledgements

The "Packet Knights" group discovered some of these
vulnerabilities.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »