Vulnerabilities > CVE-2001-0197
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 4 |
Exploit-Db
description | Icecast 1.3.7/1.3.8 print_client() Format String Vulnerability. CVE-2001-0197. Remote exploit for windows platform |
id | EDB-ID:20582 |
last seen | 2016-02-02 |
modified | 2001-01-21 |
published | 2001-01-21 |
reporter | CyRaX |
source | https://www.exploit-db.com/download/20582/ |
title | Icecast 1.3.7/1.3.8 print_client Format String Vulnerability |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-089.NASL description The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 2.2 has several security problems : - if a client added a / after the filename of a file to be downloaded the server would crash - by escaping dots as %2E it was possible to circumvent security measures and download arbitrary files - there were several buffer overflows that could be exploited to gain root access These have been fixed in version 1.3.10-1, and we strongly recommend that you upgrade your icecast-server package immediately. The i386 package mentioned in the DSA-089-1 advisory was incorrectly compiled and will not run on Debian GNU/Linux potato machines. This has been corrected in version 1.3.10-1.1. last seen 2020-06-01 modified 2020-06-02 plugin id 14926 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14926 title Debian DSA-089-2 : icecast-server - remote root exploit (and others) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-089. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14926); script_version("1.25"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2001-0197", "CVE-2001-0784", "CVE-2001-1083", "CVE-2001-1230"); script_bugtraq_id(2264, 2932, 2933); script_xref(name:"DSA", value:"089"); script_name(english:"Debian DSA-089-2 : icecast-server - remote root exploit (and others)"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 2.2 has several security problems : - if a client added a / after the filename of a file to be downloaded the server would crash - by escaping dots as %2E it was possible to circumvent security measures and download arbitrary files - there were several buffer overflows that could be exploited to gain root access These have been fixed in version 1.3.10-1, and we strongly recommend that you upgrade your icecast-server package immediately. The i386 package mentioned in the DSA-089-1 advisory was incorrectly compiled and will not run on Debian GNU/Linux potato machines. This has been corrected in version 1.3.10-1.1." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2001/dsa-089" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected icecast-server package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icecast-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2001/06/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"icecast-server", reference:"1.3.10-1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Web Servers NASL id ICECAST_OVERFLOW.NASL description The remote server claims to be running Icecast 1.3.7 or 1.3.8beta2. These versions are vulnerable to a format string attack that could allow an attacker to execute arbitrary commands on this host. last seen 2020-06-01 modified 2020-06-02 plugin id 10600 published 2001-01-24 reporter This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10600 title Icecast utils.c fd_write Function Format String code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(10600); script_version ("1.25"); script_cve_id("CVE-2001-0197"); script_bugtraq_id(2264); script_name(english:"Icecast utils.c fd_write Function Format String"); script_set_attribute(attribute:"synopsis", value: "The remote host is vulnerable to a remote code execution attack." ); script_set_attribute(attribute:"description", value: "The remote server claims to be running Icecast 1.3.7 or 1.3.8beta2. These versions are vulnerable to a format string attack that could allow an attacker to execute arbitrary commands on this host." ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Jan/323" ); script_set_attribute(attribute:"solution", value: "There is no known solution at this time." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2001/01/24"); script_set_attribute(attribute:"vuln_publication_date", value: "2001/01/22"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Icecast format string"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc."); script_family(english:"Web Servers"); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 8000); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:8000); banner = tolower(get_http_banner(port:port)); if ( ! banner ) exit(0); if("icecast/" >< banner && egrep(pattern:"icecast/1\.3\.(7|8 *beta[012])", string:banner)) security_hole(port);
Redhat
advisories |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
- http://www.redhat.com/support/errata/RHSA-2001-004.html
- http://www.redhat.com/support/errata/RHSA-2001-004.html
- http://www.securityfocus.com/bid/2264
- http://www.securityfocus.com/bid/2264
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5978
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5978