Published: 26/06/2001 Updated: 10/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Icecast 1.3.7, and other versions prior to 1.3.11 with HTTP server file streaming support enabled allows remote malicious users to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).

Vulnerable Product	Search on Vulmon	Subscribe to Product
icecast icecast 1.3.7
icecast icecast 1.3.8_beta2
icecast icecast 1.0.0

The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 22 has several security problems: if a client added a / after the filename of a file to be downloaded the server would crash by escaping dots as E it was possible to circumvent security measures and download arbitrary files there were several buffer ...

source: wwwsecurityfocuscom/bid/2933/info Icecast is an open source audio-streaming server for both Unix and Microsoft Windows systems Icecast does not sufficiently sanitize user-supplied input, or sanely handle unexpected input Upon receiving a request from a user for a file that ends with a slash or period, the server will crash The ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/193516 http://www.securityfocus.com/bid/2933 http://www.icecast.org/index.html http://www.icecast.org/releases/icecast-1.3.11.tar.gz http://www.debian.org/security/2001/dsa-089 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-020.0.txt http://www.redhat.com/support/errata/RHSA-2001-105.html http://www.redhat.com/support/errata/RHSA-2002-063.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6751 https://nvd.nist.gov https://www.debian.org/security/./dsa-089 https://www.exploit-db.com/exploits/20973/

CVE-2001-1083

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect