Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?

2001-08-13T00:00:00
ID SECURITYVULNS:DOC:1919
Type securityvulns
Reporter Securityvulns
Modified 2001-08-13T00:00:00

Description

Vendor : Nullsoft Product : SHOUTcast Server 1.8.2 Linux/win32/? Date : 01/08/2001

CONTENTS

  1. Overview
  2. Details
  3. Systems.
  4. Denial of Service
  5. Vendor Response

  6. Overview:

SHOUTcast Server is a streaming audio server. A "bad" client request can crash the server.

  1. Details

Server crash when get, seven times ( aprox ), a very long buffer (4KB) in fields: User-Agent and Host, in the client HTTP request.

  1. Systems

    • SHOUTcast Server 1.8.2 ( Linux )
    • SHOUTcast Server 1.8.2 ( Win32 )
    • SHOUTcast Server 1.8.2 ( Others ) ( No test )
  2. DoS

The DoS in C format is attached.

  1. Vendor Response

31/08/01: Sent problem to tom@nullsoft.com

03/08/01: No response from tom@nullsoft.com Sent problem to bugtraq@securityfocus.com

================================================= [ FraMe - frame@hispalab.com ] [ Digital LiVe - http://frame.lifefromthenet.com ] [ PGP Key - www.hispalab.com/frame/pgpkey.asc ] [ Geek Code - www.hispalab.com/frame/geek.txt ] =================================================