Ezstream XML Config File Multiple Buffer Overflow Vulnerabilities
BID:22840
Info
Ezstream XML Config File Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 22840 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-1344 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 06 2007 12:00AM |
| Updated: | May 12 2015 07:33PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Icecast Ezstream 0.2.1 Icecast Ezstream 0.2 Icecast Ezstream 0.1 |
| Not Vulnerable: |
Icecast Ezstream 0.3 |
Discussion
Ezstream XML Config File Multiple Buffer Overflow Vulnerabilities
Ezstream is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
A remote attacker may exploit these vulnerabilities by enticing victims into opening a malicious XML config file with the vulnerable application.
Successful exploits will result in arbitrary code running with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
These issues affect versions prior to 0.3.0.
Ezstream is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
A remote attacker may exploit these vulnerabilities by enticing victims into opening a malicious XML config file with the vulnerable application.
Successful exploits will result in arbitrary code running with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
These issues affect versions prior to 0.3.0.
Exploit / POC
Ezstream XML Config File Multiple Buffer Overflow Vulnerabilities
An attacker may exploit this issue by enticing victims into opening a maliciously crafted XML configuration file.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted XML configuration file.
Solution / Fix
Ezstream XML Config File Multiple Buffer Overflow Vulnerabilities
Solution:
The vendor released version 0.3.0 to address this issue. Please see the references for more information.
Icecast Ezstream 0.1
Icecast Ezstream 0.2
Icecast Ezstream 0.2.1
Solution:
The vendor released version 0.3.0 to address this issue. Please see the references for more information.
Icecast Ezstream 0.1
-
Icecast ezstream-0.3.0.tar.gz
http://downloads.xiph.org/releases/ezstream/ezstream-0.3.0.tar.gz
Icecast Ezstream 0.2
-
Icecast ezstream-0.3.0.tar.gz
http://downloads.xiph.org/releases/ezstream/ezstream-0.3.0.tar.gz
Icecast Ezstream 0.2.1
-
Icecast ezstream-0.3.0.tar.gz
http://downloads.xiph.org/releases/ezstream/ezstream-0.3.0.tar.gz
References
Ezstream XML Config File Multiple Buffer Overflow Vulnerabilities
References:
References:
- Icecast Homepage (Icecast)
- Ezstream release notes (Icecast)