Icecast XSL Parser Multiple Vulnerabilities
BID:12849
Info
| Bugtraq ID: | 12849 |
| Class: | Unknown |
| CVE: | CVE-2005-0837, CVE-2005-0838 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 18 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of these vulnerabilities is credited to Patrick <[email protected]>. |
| Vulnerable: | Icecast Icecast 2.2, Icecast Icecast 2.1.0, Icecast Icecast 2.0.2, Icecast Icecast 2.0.1, Icecast Icecast 2.0 |
| Not Vulnerable: | |
Discussion
Icecast is reported prone to multiple vulnerabilities. The following individual issues are reported:
Icecast XSL parser is reported to be prone to a buffer overflow vulnerability. This issue exists due to a lack of sufficient boundary checks performed on certain XSL tag values before copying these values into a finite buffer in process memory. It is reported that the vulnerability manifests when a malicious XSL file is parsed by the affected software.
This issue may potentially be exploited to deny service for legitimate users or potentially execute arbitrary code in the context of the user that is running the affected software. This is not confirmed.
It is reported that the Icecast XSL parser is prone to an information disclosure vulnerability. It is reported that the parser fails to parse XSL files when a request for such a file is appended with a dot '.' character.
A remote attacker may exploit this vulnerability to disclose the contents of XSL files that can be requested publicly.
These vulnerabilities are reported to affect Icecast version 2.20; other versions might also be affected.
Exploit / POC
The following examples are available:
<xsl:when test="<lots of chars>"></xsl:when>
<xsl:if test="<lots of chars>"></xsl:if>
<xsl:value-of select="<lots of chars>" />
GET /auth.xsl. HTTP/1.0
GET /status.xsl. HTTP/1.0
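A defender-side check for the two patterns listed above, as an added example that is not part of the original advisory or of Icecast itself: it flags request lines that ask for an .xsl file with a trailing dot, and XSL files whose test/select attribute values are unusually long. The length threshold, the handling of %2e as an encoded dot, and the sample inputs are assumptions; the advisory does not state a buffer size.

```python
import re

# Assumed triage threshold: the advisory gives no overflow length, so this
# is a heuristic for review, not the size of any buffer in Icecast.
MAX_ATTR_LEN = 256

# Request line for an .xsl resource followed by one or more trailing dots.
# Treating %2e as a dot is an added generalization beyond the advisory.
TRAILING_DOT_XSL = re.compile(
    r'^[A-Z]+ (\S*?\.xsl(?:\.|%2e)+)(?:\?\S*)? HTTP/\d\.\d$', re.I)

# test= on xsl:when / xsl:if and select= on xsl:value-of, as in the advisory.
XSL_ATTR = re.compile(
    r'<xsl:(when|if|value-of)\b[^>]*?\b(test|select)\s*=\s*(["\'])(.*?)\3',
    re.S)


def flag_requests(request_lines):
    """Return the paths of requests for an .xsl file with trailing dots."""
    hits = []
    for line in request_lines:
        m = TRAILING_DOT_XSL.match(line.strip())
        if m:
            hits.append(m.group(1))
    return hits


def flag_long_attrs(xsl_text, limit=MAX_ATTR_LEN):
    """Return (element, attribute, length) for over-long test/select values."""
    return [(m.group(1), m.group(2), len(m.group(4)))
            for m in XSL_ATTR.finditer(xsl_text)
            if len(m.group(4)) > limit]


# Constructed sample inputs (not taken from a real server or stylesheet).
SAMPLE_REQUESTS = [
    "GET /status.xsl HTTP/1.0",
    "GET /status.xsl. HTTP/1.0",
    "GET /auth.xsl. HTTP/1.0",
    "GET /stream.ogg HTTP/1.0",
]
SAMPLE_XSL = (
    '<xsl:if test="listeners &gt; 0"><b>live</b></xsl:if>\n'
    '<xsl:value-of select="' + "A" * 2000 + '" />\n'
)

if __name__ == "__main__":
    print(flag_requests(SAMPLE_REQUESTS))
    print(flag_long_attrs(SAMPLE_XSL))
```

Run flag_requests over the request lines extracted from access logs, and flag_long_attrs over every stylesheet in the server's web root before it is deployed.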
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Icecast Homepage (Icecast)
- IceCast up to v2.20 multiple vulnerabilities (Patrick)