|
Family: CGI abuses --> Category: attack
Icecast XSL Parser Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for XSL parser vulnerabilities in Icecast
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote media streaming server is affected by multiple issues.
Description :
The remote host is running a version of Icecast that suffers from two
flaws in its XSL parser.
- A Locally-Exploitable Buffer Overflow Vulnerability
The XSL parser does not check the size of XSL 'when', 'if',
and 'value-of' tag values before copying them into a finite
buffer in process memory. A possible hacker may potentially be
able to exploit this vulnerability to execute arbitrary
code if he can have a specially-crafted XSL file placed in
an Icecast folder.
- An Information Disclosure Vulnerability
The XSL parser fails to parse XSL files when the request ends
with a dot ('.') and instead simply returns the contents.
A possible hacker can exploit this to uncover sensitive information
contained in XSL files.
See also :
http://www.securityfocus.com/archive/1/393705
http://lists.xiph.org/pipermail/icecast/2005-March/008882.html
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 4
(AV:L/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|