| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 18 Mar 2005 22:31:14 -0000 From: Patrick <patrickthomassen@...il.com> To: bugtraq@...urityfocus.com Subject: IceCast up to v2.20 multiple vulnerabilities These are tested on IceCast v2.20. This software can be freely obtained from http://www.icecast.org. "Icecast is a streaming media server which currently supports Ogg Vorbis and MP3 audio streams. It can be used to create an Internet radio station or a privately running jukebox and many things in between. It is very versatile in that new formats can be added relatively easily and supports open standards for commuincation and interaction." 1) The XSL parser has some unchecked buffers (local), but they dont seem to be exploitable. If they are, they can be used for priviledge escalation, under the user that the server runs. <xsl:when test="<lots of chars>"></xsl:when> <xsl:if test="<lots of chars>"></xsl:if> <xsl:value-of select="<lots of chars>" /> 2) Cause XSL parser error "Could not parse XSLT file". (Not very useful). GET /status.xsl> HTTP/1.0 GET /status.xsl< HTTP/1.0 GET /<status.xsl HTTP/1.0 3) XSL parser bypass. (Useful to steal customized XSL files, lol). GET /auth.xsl. HTTP/1.0 GET /status.xsl. HTTP/1.0
Powered by blists - more mailing lists