This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Icecast
First view 2001-03-12
Product Icecast
Last view 2014-12-10
Version 1.0.0
Type Application
Update *  
Edition *  
Language *  
Software Edition *
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:icecast:icecast

Activity : Overall

Related : CVE

  Date Alert Description
4.6 2014-12-10 CVE-2014-9091

Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

5 2014-12-03 CVE-2014-9018

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.

5 2012-11-19 CVE-2011-4612

Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL.

5 2001-10-18 CVE-2001-0784

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.

5 2001-06-26 CVE-2001-1083

Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).

10 2001-03-26 CVE-2001-0197

Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

7.5 2001-03-13 CVE-2001-1230

Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

7.5 2001-03-12 CVE-2001-1229

Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-200 Information Exposure
33% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
10444 Icecast Multiple Unspecified Remote Overflows
10443 Icecast / libshout Multiple Remote Overflows
5472 Icecast Crafted URI Remote DoS
1883 Icecast Encoded Traversal Arbitrary File Access
496 Icecast utils.c fd_write Function Format String

OpenVAS Exploits

id Description
2012-10-26 Name : Fedora Update for icecast FEDORA-2012-16147
File : nvt/gb_fedora_2012_16147_icecast_fc17.nasl
2008-09-04 Name : FreeBSD Ports: icecast
File : nvt/freebsd_icecast0.nasl
2008-01-17 Name : Debian Security Advisory DSA 089-1 (icecast-server)
File : nvt/deb_089_1.nasl
2005-11-03 Name : ICECast directory traversal flaw
File : nvt/icecast_dir_traversal.nasl
2005-11-03 Name : ICECast libshout remote buffer overflow
File : nvt/icecast_libshout_bof.nasl
2005-11-03 Name : ICECast remote buffer overflow
File : nvt/icecast_rbof.nasl
2005-11-03 Name : ICECast crafted URL DoS
File : nvt/icecast_slash_dos.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-38.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16483.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16435.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16394.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-755.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-754.nasl - Type: ACT_GATHER_INFO
2014-11-28 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2014-231.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_icecast-120306.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-153.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2013-091.nasl - Type: ACT_GATHER_INFO
2012-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2012-16147.nasl - Type: ACT_GATHER_INFO
2012-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2012-16130.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_5e92e8a25d7b11d880e30020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote streaming media server is affected by a remote denial of service v...
File: icecast_slash_dos.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote streaming media server is affected by a remote buffer overflow vul...
File: icecast_rbof.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote media server is affected by multiple buffer overflow vulnerabilities.
File: icecast_libshout_bof.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote streaming audio server is affected by an information disclosure vu...
File: icecast_dir_traversal.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-089.nasl - Type: ACT_GATHER_INFO
2001-01-24 Name: The remote host is vulnerable to a remote code execution attack.
File: icecast_overflow.nasl - Type: ACT_GATHER_INFO