Subject: Linux: icecast buffer overflows and denial-of-service Advisory number: CSSA-2002-020.0 Issue date: 2002 May 10 Cross reference: ______________________________________________________________________________
1. Problem Description
Buffer overflows in the icecast server allow remote attackers to execute arbitrary code via a long HTTP GET request, as well as allowing denial of service attacks.
2. Vulnerable Supported Versions
System Package ----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to icecast-1.3.12-1.i386.rpm
OpenLinux 3.1 Server prior to icecast-1.3.12-1.i386.rpm
3. Solution
The proper solution is to install the latest packages.
This security fix closes Caldera incidents sr863781, fz520848 and erg712036.
7. Disclaimer
Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera products.
8. Acknowledgements
The "Packet Knights" group discovered some of these vulnerabilities.