Debian: 'icecast-server' remote root vulnerability

    Date: 05 Dec 2001
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 2.2 has several security problems, including a remote root vulnerability.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-089-1
    http://www.debian.org/security/                         Wichert Akkerman
    December  5, 2001
    ------------------------------------------------------------------------
    
    
    Package        : icecast-server
    Problem type   : remote root exploit (and others)
    Debian-specific: no
    
    The icecast-server (a streaming music server) package as distributed
    in Debian GNU/Linux 2.2 has several security problems:
    
    * if a client added a / after the filename of a file to be downloaded
      the server would crash
    * by escaping dots as %2E it was possible to circumvent security measures
      and download arbitrary files
    * there were several buffer overflows that could be exploited to
      gain root access
    
    These have been fixed in version 1.3.10-1, and we strongly recommend
    that you upgrade your icecast-server package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
    
      Source archives:
         http://security.debian.org/dists/stable/updates/main/source/icecast-server_1.3.10-1.dsc
          MD5 checksum: 1bc6e9ad32ac36ee3aa696433e01238e
         http://security.debian.org/dists/stable/updates/main/source/icecast-server_1.3.10-1.tar.gz
          MD5 checksum: 7274a8795e854789f42713b9ce6adfff
    
      Alpha architecture:
         http://security.debian.org/dists/stable/updates/main/binary-alpha/icecast-server_1.3.10-1_alpha.deb
          MD5 checksum: b35a6b302ee9a6acbd924f2fe3683880
    
      ARM architecture:
         http://security.debian.org/dists/stable/updates/main/binary-arm/icecast-server_1.3.10-1_arm.deb
          MD5 checksum: 10da80b8b3aa0b0d94203f1b42a257b8
    
      Intel IA-32 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-i386/icecast-server_1.3.10-1_i386.deb
          MD5 checksum: eb3869696168f5fad229166490061d4b
    
      Motorola 680x0 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-m68k/icecast-server_1.3.10-1_m68k.deb
          MD5 checksum: 879e091a75a3d68fbaabfff30651ff9a
    
      PowerPC architecture:
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/icecast-server_1.3.10-1_powerpc.deb
          MD5 checksum: 20d406a0dba293b046cbd65405894849
    
      Sun Sparc architecture:
         http://security.debian.org/dists/stable/updates/main/binary-sparc/icecast-server_1.3.10-1_sparc.deb
          MD5 checksum: e4e7e37ccbb6993c67bd936cfa7b848b
    
    
      These packages will be moved into the stable distribution on its next
      revision.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
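
The second problem in the advisory's list (dots escaped as %2E getting past the server's checks) is the kind of bypass that commonly arises when a request path is filtered before it is URL-decoded. The C sketch below is an added example, not icecast's code and not part of the advisory; the function names and the sample request are hypothetical, and it contrasts the flawed check-then-decode order with the corrected decode-then-check order.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added illustration; function names are hypothetical, not icecast code. */
/* Decode %XX escapes in place; -1 on a malformed escape or an encoded NUL. */
static int url_decode(char *s) {
    char *out = s;
    for (; *s; s++) {
        if (*s != '%') { *out++ = *s; continue; }
        if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
            return -1;
        char hex[3] = { s[1], s[2], '\0' };
        char c = (char)strtol(hex, NULL, 16);
        if (c == '\0') return -1;       /* %00 would truncate the path */
        *out++ = c; s += 2;             /* emit byte, skip the two hex digits */
    }
    *out = '\0';
    return 0;
}

/* 1 if any '/'-separated component of p is exactly "..". */
static int has_dotdot(const char *p) {
    while (*p) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return 1;
        p += n + (p[n] == '/');         /* step over component and separator */
    }
    return 0;
}

/* Flawed order: filter the raw request, then decode it. */
int accept_check_then_decode(const char *req, char *out, size_t outsz) {
    if (has_dotdot(req)) return 0;
    if ((size_t)snprintf(out, outsz, "%s", req) >= outsz) return 0;
    return url_decode(out) == 0;
}

/* Corrected order: decode first, then filter the path that would be opened. */
int accept_decode_then_check(const char *req, char *out, size_t outsz) {
    if ((size_t)snprintf(out, outsz, "%s", req) >= outsz) return 0;
    return url_decode(out) == 0 && !has_dotdot(out);
}

int main(void) {
    char buf[256];
    const char *req = "/music/%2E%2E/%2E%2E/secret.conf"; /* constructed */
    printf("check-then-decode accepts: %d\n", accept_check_then_decode(req, buf, sizeof buf));
    printf("decode-then-check accepts: %d\n", accept_decode_then_check(req, buf, sizeof buf));
}
```

A production server would additionally resolve the decoded path against its document root before opening it; the ordering of decode and check is the only point shown here.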