Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2020 Tenable Network Security, Inc.ICECAST_RBOF.NASL
HistoryOct 01, 2004 - 12:00 a.m.

Icecast Multiple Unspecified Remote Overflows

2004-10-0100:00:00
This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.
www.tenable.com
9
JSON

The remote server runs a version of Icecast, an open source streaming audio server, which is older than version 1.3.10.

This version is affected by a remote buffer overflow.

As a result of this vulnerability, it is possible for a remote attacker to execute arbitrary code with the privilege of the server.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(15399);
 script_version("1.16");

 script_cve_id("CVE-2001-1230");
 script_bugtraq_id(4743);
 
 script_name(english:"Icecast Multiple Unspecified Remote Overflows");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote streaming media server is affected by a remote buffer
overflow vulnerability." );
 script_set_attribute(attribute:"description", value:
"The remote server runs a version of Icecast, an open source 
streaming audio server, which is older than version 1.3.10.

This version is affected by a remote buffer overflow.

As a result of this vulnerability, it is possible for a remote 
attacker to execute arbitrary code with the privilege of the server." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Mar/198" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Icecast 1.3.10 or later, as this reportedly fixes the 
issue." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");



 script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/01");
 script_set_attribute(attribute:"vuln_publication_date", value: "2002/03/13");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 summary["english"] = "Check icecast version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
		
 script_family(english:"Web Servers");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8000);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_http_port(default:8000, embedded:TRUE);
if(!port)exit(0);

banner = tolower(get_http_banner(port:port));
if ( ! banner ) exit(0);

if("icecast/" >< banner && egrep(pattern:"icecast/1\.(1\.|3\.[0-9][^0-9])", string:banner)) security_hole(port);

Related

openvas 6
cve 1
nessus 2
freebsd 1
openvas
openvas
ICECast remote buffer overflow
2005-11-03 00:00:00
ICECast remote buffer overflow
2005-11-03 00:00:00
Debian Security Advisory DSA 089-1 (icecast-server)
2008-01-17 00:00:00
cve
cve
CVE-2001-1230
2001-03-13 05:00:00
nessus
nessus
Debian DSA-089-2 : icecast-server - remote root exploit (and others)
2004-09-29 00:00:00
FreeBSD : icecast 1.x multiple vulnerabilities (5e92e8a2-5d7b-11d8-80e3-0020ed76ef5a)
2005-07-13 00:00:00
freebsd
freebsd
icecast 1.x multiple vulnerabilities
2002-04-28 00:00:00
JSON
Related for ICECAST_RBOF.NASL
openvas6cve1nessus2freebsd1