This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Icecast
Product: Icecast
Version:
Type: Application
First view: 2001-03-12
Last view: 2014-12-10
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Common Platform Enumeration: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:icecast:icecast:1.3.7:*:*:*:*:*:*:* 11
cpe:2.3:a:icecast:icecast:1.3.8_beta2:*:*:*:*:*:*:* 9
cpe:2.3:a:icecast:icecast:1.3.5.1:*:*:*:*:*:*:* 9
cpe:2.3:a:icecast:icecast:1.3.5:*:*:*:*:*:*:* 9
cpe:2.3:a:icecast:icecast:1.3.7.1:*:*:*:*:*:*:* 9
cpe:2.3:a:icecast:icecast:1.3.0:*:*:*:*:*:*:* 9
cpe:2.3:a:icecast:icecast:1.3.8:*:*:*:*:*:*:* 8
cpe:2.3:a:icecast:icecast:1.3.9:*:*:*:*:*:*:* 8
cpe:2.3:a:icecast:icecast:1.3.10:*:*:*:*:*:*:* 8
cpe:2.3:a:icecast:icecast:1.0.0:*:*:*:*:*:*:* 8
cpe:2.3:a:icecast:icecast:1.3.9.1:*:*:*:*:*:*:* 7
cpe:2.3:a:icecast:icecast:1.3.9.2:*:*:*:*:*:*:* 7
cpe:2.3:a:icecast:icecast:1.3.12:*:*:*:*:*:*:* 7
cpe:2.3:a:icecast:icecast:1.3.11:*:*:*:*:*:*:* 7
cpe:2.3:a:icecast:icecast:1.3.10.1:*:*:*:*:*:*:* 6
cpe:2.3:a:icecast:icecast:2.0:*:*:*:*:*:*:* 5
cpe:2.3:a:icecast:icecast:2.0.1:*:*:*:*:*:*:* 5
cpe:2.3:a:icecast:icecast:2.0.0:*:*:*:*:*:*:* 4
cpe:2.3:a:icecast:icecast:2.0.2:*:*:*:*:*:*:* 4
cpe:2.3:a:icecast:icecast:2.1.0:*:*:*:*:*:*:* 4
cpe:2.3:a:icecast:icecast:2.2:*:*:*:*:*:*:* 4
cpe:2.3:a:icecast:icecast:1.310:*:*:*:*:*:*:* 4
cpe:2.3:a:icecast:icecast:2.3.1:*:*:*:*:*:*:* 3
cpe:2.3:a:icecast:icecast:2.3.0:*:*:*:*:*:*:* 3
cpe:2.3:a:icecast:icecast:2.20:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
4.6 2014-12-10 CVE-2014-9091

Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

5 2014-12-03 CVE-2014-9018

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.

5 2012-11-19 CVE-2011-4612

Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL.

7.5 2005-05-02 CVE-2005-0838

Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag.

5 2005-05-02 CVE-2005-0837

IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).

7.5 2004-12-31 CVE-2004-1561

Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.

4.3 2004-10-20 CVE-2004-0781

Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.

5 2004-05-10 CVE-2004-2027

Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read.

5 2002-12-31 CVE-2002-1982

Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not.

7.5 2002-04-22 CVE-2002-0177

Buffer overflows in Icecast 1.3.11 and earlier allow remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client.

5 2001-10-18 CVE-2001-0784

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.

5 2001-06-26 CVE-2001-1083

Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).

10 2001-03-26 CVE-2001-0197

Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

7.5 2001-03-13 CVE-2001-1230

Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

7.5 2001-03-12 CVE-2001-1229

Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-200 Information Exposure
33% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
14898 Icecast Malformed XSL File Overflow
14897 Icecast XSL Parser Stylesheet Source Disclosure
10445 Icecast MP3 Client HTTP GET Request Remote Overflow
10444 Icecast Multiple Unspecified Remote Overflows
10443 Icecast / libshout Multiple Remote Overflows
10406 Icecast Server Multiple HTTP Headers Overflow
9143 Icecast list.cgi User-Agent XSS
6075 Icecast HTTP Basic Authorization Remote Overflow DoS
5472 Icecast Crafted URI Remote DoS
1883 Icecast Encoded Traversal Arbitrary File Access
847 Icecast Server list_directory Function Traversal File / Directory Enumeration
496 Icecast utils.c fd_write Function Format String

OpenVAS Exploits

id Description
2012-10-26 Name : Fedora Update for icecast FEDORA-2012-16147
File : nvt/gb_fedora_2012_16147_icecast_fc17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200405-10 (icecast)
File : nvt/glsa_200405_10.nasl
2008-09-04 Name : FreeBSD Ports: icecast
File : nvt/freebsd_icecast.nasl
2008-09-04 Name : FreeBSD Ports: icecast
File : nvt/freebsd_icecast0.nasl
2008-09-04 Name : FreeBSD Ports: icecast2
File : nvt/freebsd_icecast2.nasl
2008-01-17 Name : Debian Security Advisory DSA 089-1 (icecast-server)
File : nvt/deb_089_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 541-1 (icecast-server)
File : nvt/deb_541_1.nasl
2005-11-03 Name : ICECast AVLlib remote buffer overflow
File : nvt/icecast_avllib_bof.nasl
2005-11-03 Name : ICECast directory traversal flaw
File : nvt/icecast_dir_traversal.nasl
2005-11-03 Name : ICECast HTTP basic authorization DoS
File : nvt/icecast_http_basic_auth.nasl
2005-11-03 Name : ICECast libshout remote buffer overflow
File : nvt/icecast_libshout_bof.nasl
2005-11-03 Name : ICECast remote buffer overflow
File : nvt/icecast_rbof.nasl
2005-11-03 Name : ICECast crafted URL DoS
File : nvt/icecast_slash_dos.nasl
2005-11-03 Name : ICECast XSS
File : nvt/icecast_xss.nasl

Snort® IPS/IDS

Date Description
2014-01-10 IceCast header buffer overflow attempt
RuleID : 8703 - Type : SERVER-OTHER - Revision : 8
2014-01-10 IceCast header buffer overflow attempt
RuleID : 8702 - Type : SERVER-OTHER - Revision : 7
2014-01-10 IceCast header buffer overflow attempt
RuleID : 8701 - Type : SERVER-WEBAPP - Revision : 8

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-38.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16483.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16435.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16394.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-755.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-754.nasl - Type: ACT_GATHER_INFO
2014-11-28 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2014-231.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_icecast-120306.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-153.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2013-091.nasl - Type: ACT_GATHER_INFO
2012-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2012-16130.nasl - Type: ACT_GATHER_INFO
2012-10-24 Name: The remote Fedora host is missing a security update.
File: fedora_2012-16147.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_b2cfb4001df011d9a8590050fc56d258.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_5e92e8a25d7b11d880e30020ed76ef5a.nasl - Type: ACT_GATHER_INFO
2005-03-22 Name: The remote media streaming server is affected by multiple issues.
File: icecast_xsl_parser_flaws.nasl - Type: ACT_ATTACK
2004-10-01 Name: The remote streaming media server is affected by a remote buffer overflow vul...
File: icecast_rbof.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote streaming media server is affected by a remote denial of service v...
File: icecast_slash_dos.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote media server is affected by multiple buffer overflow vulnerabilities.
File: icecast_libshout_bof.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote media server is vulnerable to a remote denial of service attack.
File: icecast_http_basic_auth.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote streaming audio server is affected by an information disclosure vu...
File: icecast_dir_traversal.nasl - Type: ACT_GATHER_INFO
2004-10-01 Name: The remote streaming audio server is affected by a remote buffer overflow vul...
File: icecast_avllib_bof.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-089.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-541.nasl - Type: ACT_GATHER_INFO
2004-09-28 Name: The remote web server is prone to a buffer overflow attack.
File: icecast_http_header_overflow.nasl - Type: ACT_MIXED_ATTACK
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200405-10.nasl - Type: ACT_GATHER_INFO