Rick Franchuk
2004-Aug-06 14:22 UTC
[icecast] Fwd: Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/? (fwd)
Hey guys,
Maybe a little OT, but I thought some of you might like to see this
(originally on bugtraq)...
---------- Forwarded message ----------
Vendor : Nullsoft
Product : SHOUTcast Server 1.8.2 Linux/win32/?
Date : 01/08/2001
CONTENTS
1. Overview
2. Details
3. Systems.
4. Denial of Service
5. Vendor Response
1. Overview:
SHOUTcast Server is a streaming audio server. A "bad" client request
can
crash the server.
2. Details
Server crash when get, seven
times ( aprox ), a very long buffer (4KB) in fields: User-Agent and
Host, in the client HTTP request.
3. Systems
- SHOUTcast Server 1.8.2 ( Linux )
- SHOUTcast Server 1.8.2 ( Win32 )
- SHOUTcast Server 1.8.2 ( Others ) ( No test )
4. DoS
The DoS in C format is attached.
5. Vendor Response
31/08/01: Sent problem to tom@nullsoft.com
03/08/01: No response from tom@nullsoft.com
Sent problem to bugtraq@securityfocus.com
--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to
'icecast-request@xiph.org'
containing only the word 'unsubscribe' in the body. No subject is
needed.
Unsubscribe messages sent to the list will be ignored/filtered.