This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Detail
Vendor Icecast
Product Icecast
Version 1.3.9.2
Type Application
First view 2001-03-13
Last view 2014-12-10
Update *  
Edition *  
Language *  
Software Edition *
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:icecast:icecast

Related : CVE

  Date Alert Description
4.6 2014-12-10 CVE-2014-9091

Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

5 2014-12-03 CVE-2014-9018

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.

5 2012-11-19 CVE-2011-4612

Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL.

4.3 2004-10-20 CVE-2004-0781

Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.

5 2004-05-10 CVE-2004-2027

Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read.

5 2001-10-18 CVE-2001-0784

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.

7.5 2001-03-13 CVE-2001-1230

Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-200 Information Exposure
33% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
10444 Icecast Multiple Unspecified Remote Overflows
9143 Icecast list.cgi User-Agent XSS
6075 Icecast HTTP Basic Authorization Remote Overflow DoS
1883 Icecast Encoded Traversal Arbitrary File Access

OpenVAS Exploits

id Description
2012-10-26 Name : Fedora Update for icecast FEDORA-2012-16147
File : nvt/gb_fedora_2012_16147_icecast_fc17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-10 (icecast)
File : nvt/glsa_200405_10.nasl
2008-09-04 Name : FreeBSD Ports: icecast
File : nvt/freebsd_icecast.nasl
2008-09-04 Name : FreeBSD Ports: icecast
File : nvt/freebsd_icecast0.nasl
2008-01-17 Name : Debian Security Advisory DSA 089-1 (icecast-server)
File : nvt/deb_089_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 541-1 (icecast-server)
File : nvt/deb_541_1.nasl
2005-11-03 Name : ICECast directory traversal flaw
File : nvt/icecast_dir_traversal.nasl
2005-11-03 Name : ICECast HTTP basic authorization DoS
File : nvt/icecast_http_basic_auth.nasl
2005-11-03 Name : ICECast remote buffer overflow
File : nvt/icecast_rbof.nasl
2005-11-03 Name : ICECast XSS
File : nvt/icecast_xss.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-38.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16394.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16435.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16483.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-754.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-755.nasl - Type: ACT_GATHER_INFO
2014-11-28 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2014-231.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-153.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_icecast-120306.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2013-091.nasl - Type: ACT_GATHER_INFO
2012-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2012-16147.nasl - Type: ACT_GATHER_INFO
2012-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2012-16130.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_b2cfb4001df011d9a8590050fc56d258.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_5e92e8a25d7b11d880e30020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote streaming audio server is affected by an information disclosure vu...
File: icecast_dir_traversal.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote media server is vulnerable to a remote denial of service attack.
File: icecast_http_basic_auth.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote streaming media server is affected by a remote buffer overflow vul...
File: icecast_rbof.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-541.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-089.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200405-10.nasl - Type: ACT_GATHER_INFO
2004-08-27 Name: The remote streaming media server is hosting a CGI script that is affected by...
File: icecast_xss.nasl - Type: ACT_GATHER_INFO