Icecast 2.x - XSL Parser Multiple Vulnerabilities

2005-03-18T00:00:00
ID EXPLOITPACK:B0397375559CBE1C1E2109822628E75D
Type exploitpack
Reporter patrick
Modified 2005-03-18T00:00:00

Description

Icecast 2.x - XSL Parser Multiple Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/12849/info

Icecast is reported prone to multiple vulnerabilities. The following individual issues are reported:

Icecast XSL parser is reported to be prone to a buffer overflow vulnerability. This issue exists due to a lack of sufficient boundary checks performed on certain XSL tag values before copying these values into a finite buffer in process memory. It is reported that the vulnerability manifests when a malicious XSL file is parsed by the affected software.

This issue may potentially be exploited to deny service for legitimate users or potentially execute arbitrary code in the context of the user that is running the affected software. This is not confirmed.

It is reported that the Icecast XSL parser is prone to an information disclosure vulnerability. It is reported that the parser fails to parse XSL files when a request for such a file is appended with a dot '.' character.

A remote attacker may exploit this vulnerability to disclose the contents of XSL files that can be requested publicly.

These vulnerabilities are reported to affect Icecast version 2.20, other versions might also be affected. 

<xsl:when test="<lots of chars>"></xsl:when>
<xsl:if test="<lots of chars>"></xsl:if>
<xsl:value-of select="<lots of chars>" />

GET /auth.xsl. HTTP/1.0
GET /status.xsl. HTTP/1.0