Users login

Create an account »


Users login

Home » Hacking News » FreeBSD security advisory - icecast

FreeBSD security advisory - icecast

by phiber on March 14th, 2001 The icecast software, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.

There are a number of other potential abuses of format strings which may or may not pose security risks, but have not currently been audited.

The icecast port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains nearly 4700 third-party applications in a ready-to-install
format. The ports collections shipped with FreeBSD 3.5.1 and 4.2
contain this problem since it was discovered after the releases.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.


Arbitrary remote users can execute arbitrary code on the local system
as the user running icecast, usually the root user.

If you have not chosen to install the icecast port/package, then your
system is not vulnerable to this problem.


Deinstall the icecast port/package, if you have installed it.


Consider running the icecast software as a non-privileged user to
minimize the impact of further security vulnerabilities in this

You can get icecast upgrades URL in the whole advisory, so download it.

Download this advisory

FreeBSD Security

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »