• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Icecast AVLLib Buffer Overflow Vulnerability

Solution:
This patch has been provided by Neeko Oni <neeko@haackey.com>:

--- client.c Wed Aug 1 16:06:53 2001
+++ src/client.c Wed Apr 3 12:36:23 2002
@@ -103,6 +103,11 @@

xa_debug(3, "Client login...\n");

+ if (strlen(expr) > 8000) {
+ write_log(LOG_DEFAULT, "WARNING: expr greater than 8000--possible BOF attack?");
+ return;
+}
+
if (!con || !expr) {
write_log(LOG_DEFAULT, "WARNING: client_login called with NULL pointer");
return;

Updated versions of Icecast have been made available:


Icecast Icecast 1.0 .0

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.1 .0

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.1.1

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.1.2

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.1.3

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.1.4

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3 .0

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3 .10

• Caldera icecast-1.3.12-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ icecast-1.3.12-1.i386.rpm


• Caldera icecast-1.3.12-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/ic ecast-1.3.12-1.i386.rpm


• Caldera icecast-1.3.12-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS /icecast-1.3.12-1.src.rpm


• Caldera icecast-1.3.12-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS/i cecast-1.3.12-1.src.rpm


• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.1/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/icecast-1.3.12-1.i386. rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/icecast-1.3.12-1.i386. rpm

Icecast Icecast 1.3.10 -1

• Caldera icecast-1.3.12-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ icecast-1.3.12-1.i386.rpm


• Caldera icecast-1.3.12-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/ic ecast-1.3.12-1.i386.rpm


• Caldera icecast-1.3.12-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS /icecast-1.3.12-1.src.rpm


• Caldera icecast-1.3.12-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS/i cecast-1.3.12-1.src.rpm


• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3.11

• Caldera icecast-1.3.12-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ icecast-1.3.12-1.i386.rpm


• Caldera icecast-1.3.12-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/ic ecast-1.3.12-1.i386.rpm


• Caldera icecast-1.3.12-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS /icecast-1.3.12-1.src.rpm


• Caldera icecast-1.3.12-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS/i cecast-1.3.12-1.src.rpm


• FreeBSD icecast-1.3.12.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ice cast-1.3.12.tgz


• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.1/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/icecast-1.3.12-1.i386. rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/icecast-1.3.12-1.i386. rpm

Icecast Icecast 1.3.5 -1

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3.5

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3.7 -1

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3.7

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.1/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/icecast-1.3.12-1.i386. rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/icecast-1.3.12-1.i386. rpm

Icecast Icecast WIN32 1.3.7

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.1/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/icecast-1.3.12-1.i386. rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/icecast-1.3.12-1.i386. rpm

Icecast Icecast 1.3.8 beta2

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.alpha.rpm
  ftp://updates.redhat.com/7.1/en/powertools/alpha/icecast-1.3.12-1.alph a.rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/icecast-1.3.12-1.i386. rpm


• Red Hat icecast-1.3.12-1.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/icecast-1.3.12-1.i386. rpm

Icecast Icecast 1.3.8

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3.9 -1

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3.9

• Caldera icecast-1.3.12-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS/ icecast-1.3.12-1.i386.rpm


• Caldera icecast-1.3.12-1.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/ic ecast-1.3.12-1.i386.rpm


• Caldera icecast-1.3.12-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS /icecast-1.3.12-1.src.rpm


• Caldera icecast-1.3.12-1.src.rpm
  Source RPM.
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS/i cecast-1.3.12-1.src.rpm


• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz

Icecast Icecast 1.3.9 -2

• Icecast icecast-1.3.12.tar.gz
  http://www.icecast.org/releases/icecast-1.3.12.tar.gz