Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 089-1 (icecast-server)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

16 years ago

Modified

Modified

6 years ago

Share

Summary

The remote host is missing an update to icecast-server announced via advisory DSA 089-1.

Insight

Insight

The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 2.2 has several security problems: * if a client added a / after the filename of a file to be downloaded the server would crash * by escaping dots as %2E it was possible to circumvent security measures and download arbitrary files * there were several buffer overflows that could be exploited to gain root access These have been fixed in version 1.3.10-1, and we strongly recommend that you upgrade your icecast-server package immediately.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20089-1

Common Vulnerabilities and Exposures (CVE)