Icecast AVLLib Buffer Overflow Vulnerability

Solution:
This patch has been provided by Neeko Oni <neeko@haackey.com>:

--- client.c Wed Aug 1 16:06:53 2001
+++ src/client.c Wed Apr 3 12:36:23 2002
@@ -103,6 +103,11 @@

xa_debug(3, "Client login...\n");

+ if (strlen(expr) > 8000) {
+ write_log(LOG_DEFAULT, "WARNING: expr greater than 8000--possible BOF attack?");
+ return;
+}
+
if (!con || !expr) {
write_log(LOG_DEFAULT, "WARNING: client_login called with NULL pointer");
return;
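Review bot: The added strlen(expr) call sits above the existing `if (!con || !expr)` guard, so a NULL expr is dereferenced by strlen before the NULL test can reject it. Move the length check below the NULL check. The limit 8000 is also a bare constant: nothing in these lines ties it to the size of the buffer it is meant to protect. A named constant derived from that buffer's size, with a short comment, would let a reader verify the bound.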

Updated versions of Icecast have been made available:


Icecast Icecast 1.0 .0

Icecast Icecast 1.1 .0

Icecast Icecast 1.1.1

Icecast Icecast 1.1.2

Icecast Icecast 1.1.3

Icecast Icecast 1.1.4

Icecast Icecast 1.3 .0

Icecast Icecast 1.3 .10

Icecast Icecast 1.3.10 -1

Icecast Icecast 1.3.11

Icecast Icecast 1.3.5 -1

Icecast Icecast 1.3.5

Icecast Icecast 1.3.7 -1

Icecast Icecast 1.3.7

Icecast Icecast WIN32 1.3.7

Icecast Icecast 1.3.8 beta2

Icecast Icecast 1.3.8

Icecast Icecast 1.3.9 -1

Icecast Icecast 1.3.9

Icecast Icecast 1.3.9 -2


 

Copyright 2010, SecurityFocus