|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200405-10] Icecast denial of service vulnerability Vulnerability Scan
Vulnerability Scan Summary Icecast denial of service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200405-10
(Icecast denial of service vulnerability)
There is an out-of-bounds read error in the web interface of Icecast when
handling Basic Authorization requests. This vulnerability can theorically
be exploited by sending a specially crafted Authorization header to the
server.
Impact
By exploiting this vulnerability, it is possible to crash the Icecast
server remotely, resulting in a denial of service attack.
Workaround
There is no known workaround at this time. All users are advised to upgrade
to the latest available version of Icecast.
References:
http://www.xiph.org/archives/icecast/7144.html
Solution:
All users of Icecast should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-misc/icecast-2.0.1"
# emerge ">=net-misc/icecast-2.0.1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|