View previous topic :: View next topic |
Author |
Message |
DJ-Zath
Joined: 11 Feb 2009 Posts: 155 Location: Western Illinois - USA
|
Posted: Tue Apr 15, 2014 3:07 am Post subject: IceCast and HEARTBLEED! |
|
|
it has been CONFIRMED that IceCast is vaunerable to the Heartbleed exploit as it was demo'ed on my server..
the rest of my server is not effected to Heartbleed- only Icecast!
I have had my ENTIRE conf file POSTED on IRC by hackers as PROOF.. passwords and all!
BE WARNED!!!!! _________________ -DjZ-
|
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Tue Apr 15, 2014 3:44 am Post subject: |
|
|
Most people do not actually use SSL on icecast but those that do should update their OpenSSL packages to include the fix and then restart icecast. For the win32 KH build I'll update shortly as the openssl DLL in the package will be subject to the issue.
karl. |
|
Back to top |
|
|
DJ-Zath
Joined: 11 Feb 2009 Posts: 155 Location: Western Illinois - USA
|
Posted: Tue Apr 15, 2014 3:54 am Post subject: |
|
|
Hi Karl!
the version I have is : Icecast 2.3.99.0
this incident happened this evenimg
my server's SSL is: 0.98
I have taken Icecast down immediately...
I hope this helps _________________ -DjZ-
|
|
Back to top |
|
|
karlH Code Warrior
Joined: 13 Jun 2005 Posts: 5476 Location: UK
|
Posted: Tue Apr 15, 2014 12:01 pm Post subject: |
|
|
like I said, you can update your openssl library yourself which on linux distributions for example you can do easily and then restart (without an icecast restart the old lib will still be used), for win32 the DLLs are in the icecast installation directory.
karl. |
|
Back to top |
|
|
|