Search...

icecast information disclosure

2014-11-30T00:00:00

ID SECURITYVULNS:VULN:14110
Type securityvulns
Reporter BUGTRAQ
Modified 2014-11-30T00:00:00

Description

Server leaks scripts sources.

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:VULN:14110", "bulletinFamily": "software", "title": "icecast information disclosure", "description": "Server leaks scripts sources.", "published": "2014-11-30T00:00:00", "modified": "2014-11-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14110", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31406"], "cvelist": ["CVE-2014-9018"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "1fc0ad412d26a1a5f383aacee30caed4"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "120c15effcfe0463d25786f389c662b4"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "d0f0ce1e214890881ab71b095555128c"}, {"key": "href", "hash": "4f09d0cefef853909537aeb2668f2c7c"}, {"key": "modified", "hash": "df798bf2aaedabce5d56bfbcb8e3593b"}, {"key": "published", "hash": "df798bf2aaedabce5d56bfbcb8e3593b"}, {"key": "references", "hash": "a28ff9a7cf461c3a6621cce6f10a07ba"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "5c521ac66a23181b01451672ed112e09"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "ad9ba107da81c24ea7864eeafa015b535b307ebc05af746a4bbd278b60afcb3b", "viewCount": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:09:58"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9018"]}, {"type": "archlinux", "idList": ["ASA-201411-32"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-231.NASL", "OPENSUSE-2014-755.NASL", "OPENSUSE-2014-754.NASL", "FEDORA_2014-16483.NASL", "FEDORA_2014-16394.NASL", "GENTOO_GLSA-201412-38.NASL", "FEDORA_2014-16435.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31406"]}, {"type": "gentoo", "idList": ["GLSA-201412-38"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121324", "OPENVAS:1361412562310868599", "OPENVAS:1361412562310868602", "OPENVAS:1361412562310868844", "OPENVAS:1361412562310869882"]}], "modified": "2018-08-31T11:09:58"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": [{"name": "icecast", "operator": "eq", "version": "2.3"}]}

{"cve": [{"lastseen": "2017-09-08T10:27:07", "bulletinFamily": "NVD", "description": "Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.", "modified": "2017-09-07T21:29:31", "published": "2014-12-03T13:59:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9018", "id": "CVE-2014-9018", "title": "CVE-2014-9018", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "description": "It was reported that Icecast could possibly leak the contents of\non-connect scripts to clients, which may contain sensitive information.\n\nIf on-connect/on-disconnect scripts are used, file descriptors of the\nserver process remain open and could be written to or read from. Most\npressing STDIN, STDOUT, STDERR are handled.\nFurther all file descriptors up to 1024 are closed. There is a remaining\n(much lower) risk in combination of either a malicious or susceptible\nscript and FDs above 1024.", "modified": "2014-11-28T00:00:00", "published": "2014-11-28T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html", "id": "ASA-201411-32", "title": "icecast: information leak", "type": "archlinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:231\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : icecast\r\n Date : November 27, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated icecast package fixes security vulnerability:\r\n \r\n Icecast did not properly handle the launching of scripts on connect\r\n or disconnect of sources. This could result in sensitive information\r\n from these scripts leaking to (external) clients (CVE-2014-9018).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9018\r\n http://advisories.mageia.org/MGASA-2014-0494.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 2a50c62551aeeec847c53412799938cd mbs1/x86_64/icecast-2.3.2-4.2.mbs1.x86_64.rpm \r\n f2cc33156a5f369623082e92c98b15a9 mbs1/SRPMS/icecast-2.3.2-4.2.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUdvYQmqjQ0CJFipgRAn2gAKDxH6iLgMzDQ7CzUDxnYnFS5sb4pQCbBC63\r\nW/wtkRAnAO3ZBbrX+ctcxfc=\r\n=o6Os\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-11-30T00:00:00", "published": "2014-11-30T00:00:00", "id": "SECURITYVULNS:DOC:31406", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31406", "title": "[ MDVSA-2014:231 ] icecast", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-11-13T16:57:52", "bulletinFamily": "scanner", "description": "icecast was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Possible leak of on-connect scripts (CVE-2014-9018).", "modified": "2018-11-10T00:00:00", "published": "2014-12-09T00:00:00", "id": "OPENSUSE-2014-755.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79817", "title": "openSUSE Security Update : icecast (openSUSE-SU-2014:1593-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-755.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79817);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-9018\");\n\n script_name(english:\"openSUSE Security Update : icecast (openSUSE-SU-2014:1593-1)\");\n script_summary(english:\"Check for the openSUSE-2014-755 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"icecast was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Possible leak of on-connect scripts (CVE-2014-9018).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icecast packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icecast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icecast-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icecast-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"icecast-2.4.0-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"icecast-debuginfo-2.4.0-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"icecast-debugsource-2.4.0-2.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icecast / icecast-debuginfo / icecast-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:22:55", "bulletinFamily": "scanner", "description": "Updated icecast package fixes security vulnerability :\n\nIcecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to (external) clients (CVE-2014-9018).", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2014-231.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79611", "published": "2014-11-28T00:00:00", "title": "Mandriva Linux Security Advisory : icecast (MDVSA-2014:231)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:231. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79611);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-9018\");\n script_bugtraq_id(71205);\n script_xref(name:\"MDVSA\", value:\"2014:231\");\n\n script_name(english:\"Mandriva Linux Security Advisory : icecast (MDVSA-2014:231)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated icecast package fixes security vulnerability :\n\nIcecast did not properly handle the launching of scripts on connect or\ndisconnect of sources. This could result in sensitive information from\nthese scripts leaking to (external) clients (CVE-2014-9018).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0494.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icecast package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:icecast\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"icecast-2.3.2-4.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-13T16:55:12", "bulletinFamily": "scanner", "description": "icecast was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - Supplementary groups were not overriden (CVE-2014-9091).\n\n - Possible leak of on-connect scripts (CVE-2014-9018).", "modified": "2018-11-10T00:00:00", "published": "2014-12-09T00:00:00", "id": "OPENSUSE-2014-754.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79816", "title": "openSUSE Security Update : icecast (openSUSE-SU-2014:1591-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-754.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79816);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-9018\", \"CVE-2014-9091\");\n\n script_name(english:\"openSUSE Security Update : icecast (openSUSE-SU-2014:1591-1)\");\n script_summary(english:\"Check for the openSUSE-2014-754 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"icecast was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - Supplementary groups were not overriden (CVE-2014-9091).\n\n - Possible leak of on-connect scripts (CVE-2014-9018).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icecast packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icecast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icecast-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:icecast-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icecast-2.3.2-72.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icecast-debuginfo-2.3.2-72.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"icecast-debugsource-2.3.2-72.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icecast-2.3.3-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icecast-debuginfo-2.3.3-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"icecast-debugsource-2.3.3-2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icecast / icecast-debuginfo / icecast-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:23:01", "bulletinFamily": "scanner", "description": "**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)** **fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)** **enabled fully hardened build (#954320)**\n\n - update new to release v2.4.1 (#1101950)\n\n - added doc-subpkg\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2014-16483.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79949", "published": "2014-12-15T00:00:00", "title": "Fedora 19 : icecast-2.4.1-1.fc19 (2014-16483)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16483.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79949);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-9018\", \"CVE-2014-9091\");\n script_xref(name:\"FEDORA\", value:\"2014-16483\");\n\n script_name(english:\"Fedora 19 : icecast-2.4.1-1.fc19 (2014-16483)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)** **fix\nCVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)** **enabled\nfully hardened build (#954320)**\n\n - update new to release v2.4.1 (#1101950)\n\n - added doc-subpkg\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1165880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1168146\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146204.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d960816\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icecast package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icecast\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"icecast-2.4.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icecast\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:23:07", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201412-38 (Icecast: Multiple Vulnerabilities)\n\n Two vulnerabilities have been discovered in Icecast:\n Icecast does not properly handle shared file descriptors (CVE-2014-9018) Supplementary group privileges are not changed (CVE-2014-9091) Impact :\n\n A local attacker can possibly gain escalated privileges or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2015-04-13T00:00:00", "id": "GENTOO_GLSA-201412-38.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80243", "published": "2014-12-26T00:00:00", "title": "GLSA-201412-38 : Icecast: Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-38.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80243);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:56 $\");\n\n script_cve_id(\"CVE-2014-9018\", \"CVE-2014-9091\");\n script_bugtraq_id(71205, 71312);\n script_xref(name:\"GLSA\", value:\"201412-38\");\n\n script_name(english:\"GLSA-201412-38 : Icecast: Multiple Vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-38\n(Icecast: Multiple Vulnerabilities)\n\n Two vulnerabilities have been discovered in Icecast:\n Icecast does not properly handle shared file descriptors\n (CVE-2014-9018)\n Supplementary group privileges are not changed (CVE-2014-9091)\n \nImpact :\n\n A local attacker can possibly gain escalated privileges or obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-38\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Icecast users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/icecast-2.4.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:icecast\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/icecast\", unaffected:make_list(\"ge 2.4.1\"), vulnerable:make_list(\"lt 2.4.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Icecast\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:23:01", "bulletinFamily": "scanner", "description": "**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)** **fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)** **enabled fully hardened build (#954320)**\n\n - update new to release v2.4.1 (#1101950)\n\n - added doc-subpkg\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2014-16394.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79941", "published": "2014-12-15T00:00:00", "title": "Fedora 20 : icecast-2.4.1-1.fc20 (2014-16394)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16394.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79941);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-9018\", \"CVE-2014-9091\");\n script_xref(name:\"FEDORA\", value:\"2014-16394\");\n\n script_name(english:\"Fedora 20 : icecast-2.4.1-1.fc20 (2014-16394)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)** **fix\nCVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)** **enabled\nfully hardened build (#954320)**\n\n - update new to release v2.4.1 (#1101950)\n\n - added doc-subpkg\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1165880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1168146\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146260.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dbc8a5c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icecast package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icecast\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"icecast-2.4.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icecast\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:23:01", "bulletinFamily": "scanner", "description": "**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)** **fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)** **enabled fully hardened build (#954320)**\n\n - update new to release v2.4.1 (#1101950)\n\n - added doc-subpkg\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2014-16435.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79945", "published": "2014-12-15T00:00:00", "title": "Fedora 21 : icecast-2.4.1-1.fc21 (2014-16435)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16435.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79945);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:23:30 $\");\n\n script_cve_id(\"CVE-2014-9018\", \"CVE-2014-9091\");\n script_xref(name:\"FEDORA\", value:\"2014-16435\");\n\n script_name(english:\"Fedora 21 : icecast-2.4.1-1.fc21 (2014-16435)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)** **fix\nCVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)** **enabled\nfully hardened build (#954320)**\n\n - update new to release v2.4.1 (#1101950)\n\n - added doc-subpkg\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1165880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1168146\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146262.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89691fa7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected icecast package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:icecast\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"icecast-2.4.1-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icecast\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-09-01T23:55:36", "bulletinFamily": "scanner", "description": "Check the version of icecast", "modified": "2017-07-10T00:00:00", "published": "2014-12-15T00:00:00", "id": "OPENVAS:1361412562310868599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868599", "title": "Fedora Update for icecast FEDORA-2014-16483", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icecast FEDORA-2014-16483\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868599\");\n script_version(\"$Revision: 6637 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-15 05:56:20 +0100 (Mon, 15 Dec 2014)\");\n script_cve_id(\"CVE-2014-9091\", \"CVE-2014-9018\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for icecast FEDORA-2014-16483\");\n script_tag(name: \"summary\", value: \"Check the version of icecast\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Icecast is a streaming media server which currently supports\nOgg Vorbis and MP3 audio streams. It can be used to create an\nInternet radio station or a privately running jukebox and many\nthings in between. It is very versatile in that new formats\ncan be added relatively easily and supports open standards for\ncommunication and interaction.\n\");\n script_tag(name: \"affected\", value: \"icecast on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16483\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146204.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"icecast\", rpm:\"icecast~2.4.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:37", "bulletinFamily": "scanner", "description": "Check the version of icecast", "modified": "2017-07-10T00:00:00", "published": "2014-12-15T00:00:00", "id": "OPENVAS:1361412562310868602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868602", "title": "Fedora Update for icecast FEDORA-2014-16394", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icecast FEDORA-2014-16394\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868602\");\n script_version(\"$Revision: 6637 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-15 05:56:46 +0100 (Mon, 15 Dec 2014)\");\n script_cve_id(\"CVE-2014-9091\", \"CVE-2014-9018\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for icecast FEDORA-2014-16394\");\n script_tag(name: \"summary\", value: \"Check the version of icecast\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Icecast is a streaming media server which currently supports\nOgg Vorbis and MP3 audio streams. It can be used to create an\nInternet radio station or a privately running jukebox and many\nthings in between. It is very versatile in that new formats\ncan be added relatively easily and supports open standards for\ncommunication and interaction.\n\");\n script_tag(name: \"affected\", value: \"icecast on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16394\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146260.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"icecast\", rpm:\"icecast~2.4.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-29T12:38:57", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201412-38", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121324", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121324", "title": "Gentoo Security Advisory GLSA 201412-38", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-38.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121324\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:21 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-38\");\n script_tag(name:\"insight\", value:\"Two vulnerabilities have been discovered in Icecast:\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-38\");\n script_cve_id(\"CVE-2014-9018\", \"CVE-2014-9091\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-38\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/icecast\", unaffected: make_list(\"ge 2.4.1\"), vulnerable: make_list(\"lt 2.4.1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:50:05", "bulletinFamily": "scanner", "description": "Check the version of icecast", "modified": "2017-07-10T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868844", "title": "Fedora Update for icecast FEDORA-2014-16435", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icecast FEDORA-2014-16435\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868844\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:57:32 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9091\", \"CVE-2014-9018\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for icecast FEDORA-2014-16435\");\n script_tag(name: \"summary\", value: \"Check the version of icecast\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Icecast is a streaming media server which currently supports\nOgg Vorbis and MP3 audio streams. It can be used to create an\nInternet radio station or a privately running jukebox and many\nthings in between. It is very versatile in that new formats\ncan be added relatively easily and supports open standards for\ncommunication and interaction.\n\");\n script_tag(name: \"affected\", value: \"icecast on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16435\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146262.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"icecast\", rpm:\"icecast~2.4.1~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:50:14", "bulletinFamily": "scanner", "description": "Check the version of icecast", "modified": "2017-07-10T00:00:00", "published": "2015-08-20T00:00:00", "id": "OPENVAS:1361412562310869882", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869882", "title": "Fedora Update for icecast FEDORA-2015-13077", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for icecast FEDORA-2015-13077\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869882\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:42:23 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2015-3026\", \"CVE-2014-9091\", \"CVE-2014-9018\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for icecast FEDORA-2015-13077\");\n script_tag(name: \"summary\", value: \"Check the version of icecast\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Icecast is a streaming media server which\ncurrently supports Ogg Vorbis and MP3 audio streams. It can be used to create\nan Internet radio station or a privately running jukebox and many things in\nbetween. It is very versatile in that new formats can be added relatively\neasily and supports open standards for communication and interaction.\n\");\n script_tag(name: \"affected\", value: \"icecast on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-13077\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/164061.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"icecast\", rpm:\"icecast~2.4.2~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:25", "bulletinFamily": "unix", "description": "### Background\n\nIcecast is an open source alternative to SHOUTcast that supports MP3, OGG (Vorbis/Theora) and AAC streaming. \n\n### Description\n\nTwo vulnerabilities have been discovered in Icecast:\n\n * Icecast does not properly handle shared file descriptors (CVE-2014-9018) \n * Supplementary group privileges are not changed (CVE-2014-9091)\n\n### Impact\n\nA local attacker can possibly gain escalated privileges or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Icecast users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/icecast-2.4.1\"", "modified": "2014-12-26T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-38", "href": "https://security.gentoo.org/glsa/201412-38", "type": "gentoo", "title": "Icecast: Multiple Vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}