Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2020 Tenable Network Security, Inc.ICECAST_LIBSHOUT_BOF.NASL
HistoryOct 01, 2004 - 12:00 a.m.

Icecast / libshout Multiple Remote Overflows

2004-10-0100:00:00
This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.
www.tenable.com
13
JSON

The remote server runs a version of Icecast, an open source streaming audio server, which is older than version 1.3.9.

Icecast and the libshout library are affected by a remote buffer overflow because they do not properly check bounds of data send from clients.

As a result of this vulnerability, it is possible for a remote attacker to cause a stack overflow and then execute arbitrary code with the privilege of the server.

*** Nessus reports this vulnerability using only*** information that was gathered.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(15398);
 script_version("1.15");

 script_cve_id("CVE-2001-1229");
 script_bugtraq_id(4735);
 
 script_name(english:"Icecast / libshout Multiple Remote Overflows");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote media server is affected by multiple buffer overflow
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The remote server runs a version of Icecast, an open source 
streaming audio server, which is older than version 1.3.9.

Icecast and the libshout library are affected by a remote buffer 
overflow because they do not properly check bounds of data send from 
clients. 

As a result of this vulnerability, it is possible for a remote 
attacker to cause a stack overflow and then execute arbitrary code 
with the privilege of the server.

*** Nessus reports this vulnerability using only
*** information that was gathered." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Mar/160" );
 script_set_attribute(attribute:"solution", value:
"There is no known solution at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/01");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/03/12");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 summary["english"] = "Check icecast version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
		
 script_family(english:"Web Servers");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8000);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_http_port(default:8000, embedded:TRUE);
if(!port) exit(0);

banner = tolower(get_http_banner(port:port));
if ( ! banner ) exit(0);
if("icecast/" >< banner &&
   egrep(pattern:"icecast/1\.(0\.[0-4][^0-9]|1\.|3\.[0-8][^0-9])", string:banner))
      security_hole(port);

Related

openvas 4
cve 1
freebsd 1
nessus 1
openvas
openvas
ICECast libshout remote buffer overflow
2005-11-03 00:00:00
ICECast libshout remote buffer overflow
2005-11-03 00:00:00
FreeBSD Ports: icecast
2008-09-04 00:00:00
cve
cve
CVE-2001-1229
2001-03-12 05:00:00
freebsd
freebsd
icecast 1.x multiple vulnerabilities
2002-04-28 00:00:00
nessus
nessus
FreeBSD : icecast 1.x multiple vulnerabilities (5e92e8a2-5d7b-11d8-80e3-0020ed76ef5a)
2005-07-13 00:00:00
JSON
Related for ICECAST_LIBSHOUT_BOF.NASL
openvas4cve1freebsd1nessus1