radiohioeng
Joined: 15 Dec 2009 Posts: 1
|
Posted: Tue Dec 15, 2009 8:13 pm Post subject: XSL Parser vulnerabilities fixed? |
|
|
Have the XSL parser vulnerabilities listed below been fixed in a newer version than 2.20?
From http://www.securityfocus.com/archive/1/393705
Quote: |
These are tested on IceCast v2.20. This software can be freely obtained from http://www.icecast.org.
"Icecast is a streaming media server which currently supports Ogg
Vorbis and MP3 audio streams. It can be used to create an Internet
radio station or a privately running jukebox and many things in
between. It is very versatile in that new formats can be added
relatively easily and supports open standards for commuincation and
interaction."
1) The XSL parser has some unchecked buffers (local), but they dont seem to be exploitable. If they are, they can be used for priviledge escalation, under the user that the server runs.
<xsl:when test="<lots of chars>"></xsl:when>
<xsl:if test="<lots of chars>"></xsl:if>
<xsl:value-of select="<lots of chars>" />
2) Cause XSL parser error "Could not parse XSLT file". (Not very useful).
GET /status.xsl> HTTP/1.0
GET /status.xsl< HTTP/1.0
GET /<status.xsl HTTP/1.0
3) XSL parser bypass. (Useful to steal customized XSL files, lol).
GET /auth.xsl. HTTP/1.0
GET /status.xsl. HTTP/1.0 |
From http://www.securityfocus.com/bid/12849/discuss
Quote: |
Icecast is reported prone to multiple vulnerabilities. The following individual issues are reported:
Icecast XSL parser is reported to be prone to a buffer overflow vulnerability. This issue exists due to a lack of sufficient boundary checks performed on certain XSL tag values before copying these values into a finite buffer in process memory. It is reported that the vulnerability manifests when a malicious XSL file is parsed by the affected software.
This issue may potentially be exploited to deny service for legitimate users or potentially execute arbitrary code in the context of the user that is running the affected software. This is not confirmed.
It is reported that the Icecast XSL parser is prone to an information disclosure vulnerability. It is reported that the parser fails to parse XSL files when a request for such a file is appended with a dot '.' character.
A remote attacker may exploit this vulnerability to disclose the contents of XSL files that can be requested publicly.
These vulnerabilities are reported to affect Icecast version 2.20, other versions might also be affected.
|
|
|