Icecast Streaming Media Server
Icecast is a Xiph Foundation Project

XSL Parser vulnerabilities fixed?

radiohioeng



Joined: 15 Dec 2009
Posts: 1

Posted: Tue Dec 15, 2009 8:13 pm    Post subject: XSL Parser vulnerabilities fixed?

Have the XSL parser vulnerabilities listed below been fixed in a newer version than 2.20?

From http://www.securityfocus.com/archive/1/393705

Quote:
These are tested on IceCast v2.20. This software can be freely obtained from http://www.icecast.org.

"Icecast is a streaming media server which currently supports Ogg
Vorbis and MP3 audio streams. It can be used to create an Internet
radio station or a privately running jukebox and many things in
between. It is very versatile in that new formats can be added
relatively easily and supports open standards for communication and
interaction."

1) The XSL parser has some unchecked buffers (local), but they don't seem to be exploitable. If they are, they can be used for privilege escalation, under the user that the server runs.

<xsl:when test="<lots of chars>"></xsl:when>
<xsl:if test="<lots of chars>"></xsl:if>
<xsl:value-of select="<lots of chars>" />

2) Cause XSL parser error "Could not parse XSLT file". (Not very useful).

GET /status.xsl> HTTP/1.0
GET /status.xsl< HTTP/1.0
GET /<status.xsl HTTP/1.0

3) XSL parser bypass. (Useful to steal customized XSL files, lol).

GET /auth.xsl. HTTP/1.0
GET /status.xsl. HTTP/1.0


From http://www.securityfocus.com/bid/12849/discuss

Quote:
Icecast is reported prone to multiple vulnerabilities. The following individual issues are reported:

Icecast XSL parser is reported to be prone to a buffer overflow vulnerability. This issue exists due to a lack of sufficient boundary checks performed on certain XSL tag values before copying these values into a finite buffer in process memory. It is reported that the vulnerability manifests when a malicious XSL file is parsed by the affected software.

This issue may potentially be exploited to deny service for legitimate users or potentially execute arbitrary code in the context of the user that is running the affected software. This is not confirmed.

It is reported that the Icecast XSL parser is prone to an information disclosure vulnerability. It is reported that the parser fails to parse XSL files when a request for such a file is appended with a dot '.' character.

A remote attacker may exploit this vulnerability to disclose the contents of XSL files that can be requested publicly.

These vulnerabilities are reported to affect Icecast version 2.20, other versions might also be affected.
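As an added example (not part of the original posts and not Icecast code), here is a log check for the request patterns in items 2 and 3 of the quoted advisory. It assumes an Apache-combined-style access log; the sample lines are constructed, and the percent-decoding step goes slightly beyond the literal requests quoted above.

```python
import re
from urllib.parse import unquote

# Request line and status inside a combined-log-style entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify_path(raw_path):
    """Return a label for a malformed .xsl request path, or None if it looks normal."""
    path = unquote(raw_path.split("?", 1)[0])  # drop the query string, decode %2e / %3c etc.
    name = path.rsplit("/", 1)[-1]             # last path component only
    if ".xsl" not in name.lower():
        return None
    if "<" in name or ">" in name:
        return "markup-char"    # item 2: triggers "Could not parse XSLT file"
    if re.search(r"\.xsl\.+$", name, re.I):
        return "trailing-dot"   # item 3: request that bypasses the XSL parser
    return None

def scan(lines):
    """Return (path, label, served) for every suspicious request in the log lines."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        label = classify_path(m.group("path"))
        if label:
            # A 200 on a trailing-dot request is worth checking: the raw
            # stylesheet may have been returned instead of rendered output.
            served = label == "trailing-dot" and m.group("status") == "200"
            findings.append((m.group("path"), label, served))
    return findings

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2009:20:13:01 +0000] "GET /status.xsl HTTP/1.0" 200 2310 "-" "Mozilla/5.0" 0',
    '192.0.2.44 - - [15/Dec/2009:20:13:07 +0000] "GET /status.xsl. HTTP/1.0" 200 4127 "-" "curl" 0',
    '192.0.2.44 - - [15/Dec/2009:20:13:09 +0000] "GET /auth.xsl%2e HTTP/1.0" 404 0 "-" "curl" 0',
    '192.0.2.44 - - [15/Dec/2009:20:13:12 +0000] "GET /status.xsl> HTTP/1.0" 500 0 "-" "curl" 0',
    '192.0.2.10 - - [15/Dec/2009:20:14:00 +0000] "GET /stream.ogg HTTP/1.0" 200 0 "-" "VLC" 35',
]

if __name__ == "__main__":
    for path, label, served in scan(SAMPLE_LOG):
        print(f"{label:13} served={served!s:5} {path}")
```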
karlH
Code Warrior


Joined: 13 Jun 2005
Posts: 5476
Location: UK

Posted: Tue Dec 15, 2009 10:08 pm

afaik, this issue has been resolved.

karl.