This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Icecast First view 2004-12-31
Product Icecast Last view 2014-12-10
Version 2.0.1 Type Application
Update *  
Edition *  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:icecast:icecast

Activity : Overall

Related : CVE

  Date Alert Description
4.6 2014-12-10 CVE-2014-9091

Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

5 2014-12-03 CVE-2014-9018

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.

5 2012-11-19 CVE-2011-4612

Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL.

5 2005-05-02 CVE-2005-0837

IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).

7.5 2004-12-31 CVE-2004-1561

Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-200 Information Exposure
33% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
14898 Icecast Malformed XSL File Overflow
10406 Icecast Server Multiple HTTP Headers Overflow

OpenVAS Exploits

id Description
2012-10-26 Name : Fedora Update for icecast FEDORA-2012-16147
File : nvt/gb_fedora_2012_16147_icecast_fc17.nasl
2008-09-04 Name : FreeBSD Ports: icecast2
File : nvt/freebsd_icecast2.nasl

Snort® IPS/IDS

Date Description
2014-01-10 IceCast header buffer overflow attempt
RuleID : 8703 - Type : SERVER-OTHER - Revision : 8
2014-01-10 IceCast header buffer overflow attempt
RuleID : 8702 - Type : SERVER-OTHER - Revision : 7
2014-01-10 IceCast header buffer overflow attempt
RuleID : 8701 - Type : SERVER-WEBAPP - Revision : 8

Nessus® Vulnerability Scanner

id Description
2014-12-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-38.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16394.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16435.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16483.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-754.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-755.nasl - Type: ACT_GATHER_INFO
2014-11-28 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2014-231.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-153.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_icecast-120306.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2013-091.nasl - Type: ACT_GATHER_INFO
2012-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2012-16130.nasl - Type: ACT_GATHER_INFO
2012-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2012-16147.nasl - Type: ACT_GATHER_INFO
2005-03-22 Name: The remote media streaming server is affected by multiple issues.
File: icecast_xsl_parser_flaws.nasl - Type: ACT_ATTACK
2004-09-28 Name: The remote web server is prone to a buffer overflow attack.
File: icecast_http_header_overflow.nasl - Type: ACT_MIXED_ATTACK