Debian: 'icecast-server' remote root vulnerability

    Date 05 Dec 2001
    Posted By LinuxSecurity Advisories
    The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 2.2 has several security problems including a remote root vulnerability.
    Debian Security Advisory DSA-089-1                   Wichert Akkerman
    December  5, 2001
    Package        : icecast-server
    Problem type   : remote root exploit (and others)
    Debian-specific: no
    The icecast-server (a streaming music server) package as distributed
    in Debian GNU/Linux 2.2 has several security problems:
    * if a client added a / after the filename of a file to be downloaded
      the server would crash
    * by escaping dots as %2E it was possible to circumvent security measures
      and download arbitrary files
    * there were several buffer overflows that could be exploited to
      gain root access
    These have been fixed in version 1.3.10-1, and we strongly recommend
    that you upgrade your icecast-server package immediately.
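
One way the %2E bypass class listed above arises is a traversal filter that inspects the request before percent-decoding it. The C example below is added here and is not icecast's code; the function names and the 256-byte path limit are assumptions. It puts that weak ordering beside decode-then-check into a bounded buffer.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not icecast source; names and sizes are assumptions.
 * Returns 0 on success, -1 on a bad escape, a decoded NUL, or a full buffer. */
static int url_decode(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)in[i + 1]) ||
                !isxdigit((unsigned char)in[i + 2]))
                return -1;
            char hex[3] = { in[i + 1], in[i + 2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            i += 2;
        }
        if (c == '\0' || o + 1 >= outsz)
            return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Returns 1 if any '/'-separated segment of p is exactly "..". */
static int has_dotdot_segment(const char *p)
{
    while (*p != '\0') {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += len + (p[len] == '/');
    }
    return 0;
}

/* Weak ordering: filters the raw request, so "%2E%2E" is never seen as "..". */
int naive_is_safe(const char *raw) { return !has_dotdot_segment(raw); }
/* Corrected ordering: decode into a bounded buffer, then check that string. */
int path_is_safe(const char *raw)
{
    char decoded[256]; /* assumed maximum path length */
    return url_decode(raw, decoded, sizeof decoded) == 0 &&
           !has_dotdot_segment(decoded);
}
```

The check is only meaningful when the string it validates is the same decoded string that is later used to open the file.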
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    Debian GNU/Linux 2.2 alias potato
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
      These packages will be moved into the stable distribution on its next
    For not yet released architectures please refer to the appropriate
    directory$arch/ .
    apt-get: deb stable/updates main
    dpkg-ftp: dists/stable/updates/main