|
Family: Debian Local Security Checks --> Category: infos
[DSA541] DSA-541-1 icecast-server Vulnerability Scan
Vulnerability Scan Summary DSA-541-1 icecast-server
Detailed Explanation for this Vulnerability Test
Markus Wörle discovered a cross site scripting problem in
status-display (list.cgi) of the icecast internal webserver, an MPEG
layer III streaming server. The UserAgent variable is not properly
html_escaped so that a possible hacker could cause the client to execute
arbitrary Java script commands.
For the stable distribution (woody) this problem has been fixed in
version 1.3.11-4.2.
For the unstable distribution (sid) this problem has been fixed in
version 1.3.12-8.
We recommend that you upgrade your icecast-server package.
Solution : http://www.debian.org/security/2004/dsa-541
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|