Vulnerabilities > CVE-2004-2027 - Remote Buffer Overflow vulnerability in Icecast Server Base64 Authorization Request

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
icecast
nessus

Summary

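Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read. Although the entry is labelled a buffer overflow, the condition it describes is a read past the end of a buffer, and the scored impact is availability only (confidentiality and integrity impact are both NONE above).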

Nessus

  • NASL family: Web Servers
    NASL id: ICECAST_HTTP_BASIC_AUTH.NASL
    description: The remote server runs Icecast 2.0.0, an open source streaming audio server. This version is affected by a remote denial of service. A remote attacker could send a specially crafted URL, with a long string passed in an Authorization header that will result in a loss of availability for the service. Note: Nessus reports this vulnerability using only information that was gathered; the plugin code below matches the version in the HTTP banner and does not send the long header.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15397
    published: 2004-10-01
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15397
    title: Icecast HTTP Basic Authorization Remote Overflow DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Metadata block: runs only when `description` is set. It registers the
    # plugin's identifiers, text, scoring and scheduling hints, then exits, so
    # the banner check further down is not reached on this path.
    if (description)
    {
     script_id(15397);
     script_version("1.22");
    
     # Cross-references for the same flaw: CVE, Bugtraq ID and Gentoo advisory.
     script_cve_id("CVE-2004-2027");
     script_bugtraq_id(10311);
     script_xref(name:"GLSA", value:"200405-10");
     
     script_name(english:"Icecast HTTP Basic Authorization Remote Overflow DoS");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote media server is vulnerable to a remote denial of service
    attack." );
     # NOTE(review): the text below says "specially crafted URL", yet the input
     # it names is the Authorization header (a request header, not the URL).
     # The closing "***" lines tell the reader the finding rests only on
     # gathered information, i.e. the flaw itself is not exercised.
     script_set_attribute(attribute:"description", value:
    "The remote server runs Icecast 2.0.0, an open source streaming audio 
    server.
    
    This version is affected by a remote denial of service.
    
    A remote attacker could send a specially crafted URL, with a long 
    string passed in an Authorization header that will result in a loss
    of availability for the service.
    
    *** Nessus reports this vulnerability using only
    *** information that was gathered." );
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f5065a57" );
     script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/May/387" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Icecast 2.0.1 or later, as this reportedly fixes the issue." );
     # CVSS v2 base vector: network reachable, low complexity, no authentication,
     # no confidentiality or integrity impact, partial availability impact.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
     # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
     # available (RL:OF), report confirmed (RC:C).
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/01");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/05/09");
     script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    # Declared as a remote check: the result comes from what the service
    # reports over the network, not from the host's package database.
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_end_attributes();
    
     
     summary["english"] = "Check icecast version";
     script_summary(english:summary["english"]);
     
     # Registered as information gathering; the check below only reads the
     # HTTP banner.
     script_category(ACT_GATHER_INFO);
     
     
     script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
    		
     script_family(english:"Web Servers");
     # Scheduling hints: depends on http_version.nasl and names the web service
     # KB entry and TCP port 8000 as the ports of interest.
     script_dependencie("http_version.nasl");
     script_require_ports("Services/www", 8000);
     exit(0);
    }
    
    #
    # The script code starts here
    #
    
    include("http_func.inc");
    
    # Select the HTTP port to examine; 8000 is passed as the default.
    port = get_http_port(default:8000, embedded:TRUE);
    if (!port)
      exit(0);

    # Lower-case the banner once so both matches below are case-insensitive.
    banner = tolower(get_http_banner(port:port));
    if (!banner)
      exit(0);

    # Passive version check: only the banner is inspected and no Authorization
    # header is sent. The result therefore depends on the server advertising
    # its real version; a fixed build that still reports 2.0.0, or a hidden or
    # altered banner, is mis-reported in one direction or the other.
    # NOTE(review): the pattern matches exactly 2.0.0 (the trailing group stops
    # a following digit from matching); releases older than 2.0.0 are not
    # reported here. Confirm that is the intended scope for this advisory.
    if ("icecast/" >< banner)
    {
      if (egrep(pattern:"icecast/2\.0\.0([^0-9]|$)", string:banner))
        security_warning(port);
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200405-10.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200405-10 (Icecast denial of service vulnerability). There is an out-of-bounds read error in the web interface of Icecast when handling Basic Authorization requests. This vulnerability can theoretically be exploited by sending a specially crafted Authorization header to the server. Impact: By exploiting this vulnerability, it is possible to crash the Icecast server remotely, resulting in a denial of service attack. Workaround: There is no known workaround at this time. All users are advised to upgrade to the latest available version of Icecast.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14496
    published: 2004-08-30
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14496
    title: GLSA-200405-10 : Icecast denial of service vulnerability
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200405-10.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Metadata block: runs only when `description` is set. It registers the
    # plugin's identifiers, advisory text, scoring and prerequisites, then
    # exits, so the package check further down is not reached on this path.
    if (description)
    {
      script_id(14496);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:41");
    
      # Cross-references: the CVE and the Gentoo advisory this check implements.
      script_cve_id("CVE-2004-2027");
      script_xref(name:"GLSA", value:"200405-10");
    
      script_name(english:"GLSA-200405-10 : Icecast denial of service vulnerability");
      # The summary states the data source: installed packages under
      # /var/db/pkg, not a network probe.
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # Advisory text: out-of-bounds read while handling Basic Authorization
      # requests, remote crash as the impact, and no workaround other than
      # upgrading.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200405-10
    (Icecast denial of service vulnerability)
    
        There is an out-of-bounds read error in the web interface of Icecast
        when handling Basic Authorization requests. This vulnerability can
        theoretically be exploited by sending a specially crafted Authorization
        header to the server.
      
    Impact :
    
        By exploiting this vulnerability, it is possible to crash the Icecast
        server remotely, resulting in a denial of service attack.
      
    Workaround :
    
        There is no known workaround at this time. All users are advised to
        upgrade to the latest available version of Icecast."
      );
      # http://www.xiph.org/archives/icecast/7144.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.xiph.org/archives/icecast/7144.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200405-10"
      );
      # Remediation as given in the advisory: sync, preview the upgrade
      # (emerge -pv), then install net-misc/icecast 2.0.1 or later.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All users of Icecast should upgrade to the latest stable version:
        # emerge sync
        # emerge -pv '>=net-misc/icecast-2.0.1'
        # emerge '>=net-misc/icecast-2.0.1'"
      );
      # CVSS v2 base vector: network reachable, low complexity, no authentication,
      # no confidentiality or integrity impact, partial availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Declared as a local check; the cpe attributes name the Gentoo icecast
      # package and the Gentoo Linux platform.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:icecast");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      # Prerequisites: the three KB entries below are re-checked by the script
      # body. ssh_get_info.nasl presumably populates them from an authenticated
      # session; confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: local checks must be enabled, the host must be identified
    # as Gentoo, and its package list must have been collected. Each failure is
    # reported through audit() with the matching reason code.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release"))
      audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Compare the installed net-misc/icecast version with the advisory's
    # ranges: 2.0.0 and lower are vulnerable, 2.0.1 and higher are unaffected.
    # The verdict rests on the collected package list rather than on a network
    # banner, so it reflects what is installed, not what the service reports.
    affected = qpkg_check(
      package:"net-misc/icecast",
      unaffected:make_list("ge 2.0.1"),
      vulnerable:make_list("le 2.0.0")
    );

    if (!affected)
    {
      # Nothing vulnerable found: separate "installed but not affected" from
      # "package not installed" so the audit trail states which case applied.
      tested = qpkg_tests_get();
      if (tested)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "net-misc/icecast");
    }
    else
    {
      # Vulnerable package present: report on port 0 and attach the package
      # report when verbosity allows it.
      if (report_verbosity > 0)
        security_warning(port:0, extra:qpkg_report_get());
      else
        security_warning(0);
      exit(0);
    }