Test ID:	1.3.6.1.4.1.25623.1.0.52518
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: icecast
Summary:	FreeBSD Ports: icecast
Description:	The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: icecast CVE-2002-0177 Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. CVE-2001-1230 Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. CVE-2001-1229 Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. CVE-2001-1083 Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). CVE-2001-0784 Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters. Solution: Update your system with the appropriate patches or software upgrades.
Cross-Ref:	BugTraq ID: 4415 BugTraq ID: 2933 Common Vulnerability Exposure (CVE) ID: CVE-2002-0177 Bugtraq: 20020402 icecast 1.3.11 remote shell/root exploit - #temp (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=101780890326179&w=2 Bugtraq: 20020403 Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=101786838300906&w=2 Bugtraq: 20020404 Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11 (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=101793704306035&w=2 CERT/CC vulnerability note: VU#596387 http://www.kb.cert.org/vuls/id/596387 http://www.securityfocus.com/bid/4415 Common Vulnerability Exposure (CVE) ID: CVE-2001-1230 Bugtraq: 20010313 More Icecast remote vulnerabilities (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=98455723123298&w=2 Debian Security Information: DSA-089 (Google Search) http://www.debian.org/security/2001/dsa-089 http://www.redhat.com/support/errata/RHSA-2002-063.html Common Vulnerability Exposure (CVE) ID: CVE-2001-1229 Bugtraq: 20010312 Icecast / Libshout remote vulnerabilities (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=98438880622976&w=2 Conectiva Linux advisory: CLA-2001:387 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000387 Common Vulnerability Exposure (CVE) ID: CVE-2001-1083 Bugtraq: 20010626 Advisory (Google Search) http://www.securityfocus.com/archive/1/193516 http://www.icecast.org/index.html Caldera Security Advisory: CSSA-2002-020.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-020.0.txt http://www.redhat.com/support/errata/RHSA-2001-105.html http://www.securityfocus.com/bid/2933 XForce ISS Database: icecast-http-remote-dos(6751) http://xforce.iss.net/static/6751.php Common Vulnerability Exposure (CVE) ID: CVE-2001-0784 http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html BugTraq ID: 2932 http://www.securityfocus.com/bid/2932 XForce ISS Database: icecast-dot-directory-traversal(6752) http://xforce.iss.net/static/6752.php http://www.osvdb.org/1883
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: