Vulnerabilities > CVE-2004-1561 - Unspecified vulnerability in Icecast 2.0/2.0.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description Icecast <= 2.0.1 Win32 Remote Code Execution Exploit. CVE-2004-1561. Remote exploit for windows platform id EDB-ID:568 last seen 2016-01-31 modified 2004-10-06 published 2004-10-06 reporter Delikon source https://www.exploit-db.com/download/568/ title Icecast <= 2.0.1 Win32 - Remote Code Execution Exploit description Icecast <= 2.0.1 Win32 Remote Code Execution Exploit (modded). CVE-2004-1561. Remote exploit for windows platform id EDB-ID:573 last seen 2016-01-31 modified 2004-10-12 published 2004-10-12 reporter K-C0d3r source https://www.exploit-db.com/download/573/ title Icecast <= 2.0.1 Win32 - Remote Code Execution Exploit modded description Icecast (. CVE-2004-1561. Remote exploit for win32 platform id EDB-ID:16763 last seen 2016-02-02 modified 2010-04-30 published 2010-04-30 reporter metasploit source https://www.exploit-db.com/download/16763/ title Icecast <= 2.0.1 - Header Overwrite Win32
Metasploit
description | This module exploits a buffer overflow in the header parsing of icecast versions 2.0.1 and earlier, discovered by Luigi Auriemma. Sending 32 HTTP headers will cause a write one past the end of a pointer array. On win32 this happens to overwrite the saved instruction pointer, and on linux (depending on compiler, etc) this seems to generally overwrite nothing crucial (read not exploitable). This exploit uses ExitThread(), this will leave icecast thinking the thread is still in use, and the thread counter won't be decremented. This means for each time your payload exits, the counter will be left incremented, and eventually the threadpool limit will be maxed. So you can multihit, but only till you fill the threadpool. |
id | MSF:EXPLOIT/WINDOWS/HTTP/ICECAST_HEADER |
last seen | 2020-05-23 |
modified | 2017-07-24 |
published | 2005-12-26 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/icecast_header.rb |
title | Icecast Header Overwrite |
Nessus
NASL family | Web Servers |
NASL id | ICECAST_HTTP_HEADER_OVERFLOW.NASL |
description | The remote web server runs Icecast version 2.0.1 or older. Such versions are affected by an HTTP header buffer overflow vulnerability that may allow an attacker to execute arbitrary code on the remote host with the privileges of the Icecast server process. To exploit this flaw, an attacker needs to send 32 HTTP headers to the remote host to overwrite a return address on the stack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14843 |
published | 2004-09-28 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14843 |
title | Icecast HTTP Header Processing Remote Overflow |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/83162/icecast_header.rb.txt |
id | PACKETSTORM:83162 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | Luigi Auriemma |
source | https://packetstormsecurity.com/files/83162/Icecast-2.0.1-Header-Overwrite.html |
title | Icecast 2.0.1 Header Overwrite |
References
- http://aluigi.altervista.org/adv/iceexec-adv.txt
- http://aluigi.altervista.org/adv/iceexec-adv.txt
- http://marc.info/?l=bugtraq&m=109640005127644&w=2
- http://marc.info/?l=bugtraq&m=109640005127644&w=2
- http://marc.info/?l=bugtraq&m=109674593230539&w=2
- http://marc.info/?l=bugtraq&m=109674593230539&w=2
- http://secunia.com/advisories/12666/
- http://secunia.com/advisories/12666/
- http://securitytracker.com/id?1011439
- http://securitytracker.com/id?1011439
- http://www.osvdb.org/10446
- http://www.osvdb.org/10446
- http://www.securiteam.com/exploits/6X00315BFM.html
- http://www.securiteam.com/exploits/6X00315BFM.html
- http://www.securityfocus.com/bid/11271
- http://www.securityfocus.com/bid/11271
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17538