Test ID:	1.3.6.1.4.1.25623.1.0.52518
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: icecast
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: icecast CVE-2002-0177 Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. CVE-2001-1230 Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. CVE-2001-1229 Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. CVE-2001-1083 Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). CVE-2001-0784 Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0177 BugTraq ID: 4415 http://www.securityfocus.com/bid/4415 Bugtraq: 20020402 icecast 1.3.11 remote shell/root exploit - #temp (Google Search) http://marc.info/?l=bugtraq&m=101780890326179&w=2 Bugtraq: 20020403 Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!) (Google Search) http://marc.info/?l=bugtraq&m=101786838300906&w=2 Bugtraq: 20020404 Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11 (Google Search) http://marc.info/?l=bugtraq&m=101793704306035&w=2 CERT/CC vulnerability note: VU#596387 http://www.kb.cert.org/vuls/id/596387 Common Vulnerability Exposure (CVE) ID: CVE-2001-1230 Bugtraq: 20010313 More Icecast remote vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=98455723123298&w=2 Debian Security Information: DSA-089 (Google Search) http://www.debian.org/security/2001/dsa-089 http://www.redhat.com/support/errata/RHSA-2002-063.html Common Vulnerability Exposure (CVE) ID: CVE-2001-1229 Bugtraq: 20010312 Icecast / Libshout remote vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=98438880622976&w=2 Conectiva Linux advisory: CLA-2001:387 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000387 Common Vulnerability Exposure (CVE) ID: CVE-2001-1083 BugTraq ID: 2933 http://www.securityfocus.com/bid/2933 Bugtraq: 20010626 Advisory (Google Search) http://www.securityfocus.com/archive/1/193516 Caldera Security Advisory: CSSA-2002-020.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-020.0.txt http://www.icecast.org/index.html http://www.redhat.com/support/errata/RHSA-2001-105.html XForce ISS Database: icecast-http-remote-dos(6751) https://exchange.xforce.ibmcloud.com/vulnerabilities/6751 Common Vulnerability Exposure (CVE) ID: CVE-2001-0784 BugTraq ID: 2932 http://www.securityfocus.com/bid/2932 http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html http://www.osvdb.org/1883 XForce ISS Database: icecast-dot-directory-traversal(6752) https://exchange.xforce.ibmcloud.com/vulnerabilities/6752
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.