nessus-plugins/scripts icecast_avllib_bof.nasl, NONE, 1.1 icecast_dir_traversal.nasl, NONE, 1.1 icecast_http_basic_auth.nasl, NONE, 1.1 icecast_libshout_bof.nasl, NONE, 1.1 icecast_rbof.nasl, NONE, 1.1 icecast_slash_dos.nasl, NONE, 1.1

To: nessus-cvs_at_list.nessus.org
Subject: nessus-plugins/scripts icecast_avllib_bof.nasl, NONE, 1.1 icecast_dir_traversal.nasl, NONE, 1.1 icecast_http_basic_auth.nasl, NONE, 1.1 icecast_libshout_bof.nasl, NONE, 1.1 icecast_rbof.nasl, NONE, 1.1 icecast_slash_dos.nasl, NONE, 1.1
From: renaud_at_nessus.org
Date: Fri, 1 Oct 2004 10:38:55 -0400 (EDT)

Update of /usr/local/cvs/nessus-plugins/scripts
In directory raccoon.nessus.org:/tmp/cvs-serv43135

Added Files:
	icecast_avllib_bof.nasl icecast_dir_traversal.nasl 
	icecast_http_basic_auth.nasl icecast_libshout_bof.nasl 
	icecast_rbof.nasl icecast_slash_dos.nasl 
Log Message:
added

--- NEW FILE: icecast_avllib_bof.nasl ---
#
#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
#  based on work from
#  (C) Tenable Network Security
#
#  Ref: <dizznutt_at_my.security.nl>
#
#  This script is released under the GNU GPL v2
#

if(description)
{
 script_id(15401);
 script_bugtraq_id(4415);
 script_cve_id("CAN-2002-0177");
 script_version ("$Revision: 1.1 $");
 
 name["english"] = "ICECast AVLlib remote buffer overflow";
 script_name(english:name["english"]);
 
 desc["english"] = "
The remote server runs a version of ICECast, an open source 
streaming audio server, which is older than version 1.3.12.

This version is affected by a remote buffer overflow because it does
not properly check bounds of data send from clients. 

As a result of this vulnerability, it is possible for a remote attacker to
cause a stack overflow and then execute arbitrary code with the privilege of the server.

*** Nessus reports this vulnerability using only
*** information that was gathered.

Solution : Upgrade to a newer version.
Risk factor : High";

 script_description(english:desc["english"]);
 
 summary["english"] = "Check icecast version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 2004 David Maciejak",
		francais:"Ce script est Copyright (C) 2004 David Maciejak");
		
 family["english"] = "Misc.";
 script_family(english:family["english"]);
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8000);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_kb_item("Services/www");
if(!port) port = 8000;

if(get_port_state(port))
{
soc = open_sock_tcp(port);
if(soc)
{
  req = http_head(item:"/", port:port);
  send(socket:soc,data:req);
  r = http_recv(socket:soc);
  close(soc);
  str = strstr(r, "icecast");
  if(str)
  {
    if(ereg(pattern:"icecast/1\.([012]\.|3\.([0-9]|1[01])[^0-9])", string:str))
      security_hole(port);
  }
 }
}

--- NEW FILE: icecast_dir_traversal.nasl ---
#
#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
#  based on work from
#  (C) Tenable Network Security
#
#  Ref: gollum <gollum_at_evilemail.com>
#
#  This script is released under the GNU GPL v2
#

if(description)
{
 script_id(15396);
 script_bugtraq_id(2932);
 script_cve_id("CAN-2001-0784");
 if (defined_func("script_xref")) script_xref(name:"OSVDB", value:"1883");
 script_version ("$Revision: 1.1 $");
 
 name["english"] = "ICECast directory traversal flaw";
 script_name(english:name["english"]);
 
 desc["english"] = "
The remote server runs a version of ICECast, an open source 
streaming audio server, which is as older than version 1.3.10.

This version is affected by a directory traversal flaw.

An attacker could send specially crafted URL to view arbitrary files 
on the system.

*** Nessus reports this vulnerability using only
*** information that was gathered.

Solution : Upgrade to a newer version.
Risk factor : High";


 script_description(english:desc["english"]);
 
 summary["english"] = "Check icecast version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 2004 David Maciejak",
		francais:"Ce script est Copyright (C) 2004 David Maciejak");
		
 family["english"] = "Misc.";
 script_family(english:family["english"]);
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8000);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_kb_item("Services/www");
if(!port) port = 8000;

if(get_port_state(port))
{
#for now we just test the banner
soc = open_sock_tcp(port);
if(soc)
{
  req = http_head(item:"/", port:port);
  send(socket:soc,data:req);
  r = http_recv(socket:soc);
  close(soc);
  str = strstr(r, "icecast");
  if(str)
  {
    if(ereg(pattern:"icecast/1\.([012]\.|3\.[0-9][^0-9])", string:str))
      security_hole(port);
  }
 }
}

--- NEW FILE: icecast_http_basic_auth.nasl ---
#
#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
#  based on work from
#  (C) Tenable Network Security
#
#  Ref: ned <nd_at_felinemenace.org>
#
#  This script is released under the GNU GPL v2
#

if(description)
{
 script_id(15397);
 script_bugtraq_id(10311);
 if (defined_func("script_xref")) script_xref(name:"OSVDB", value:"6075");
 script_version ("$Revision: 1.1 $");
 
 name["english"] = "ICECast HTTP basuc authorization DoS";
 script_name(english:name["english"]);
 
 desc["english"] = "
The remote server runs ICECast 2.0.0, an open source streaming audio 
server.

This version is affected by a remote denial of service.

An remote attacker could send specially crafted URL, with a long string
passed in an Authorization header that will result in a loss of availability 
for the service.

*** Nessus reports this vulnerability using only
*** information that was gathered.

Solution : Upgrade to a newer version.
Risk factor : High";


 script_description(english:desc["english"]);
 
 summary["english"] = "Check icecast version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 2004 David Maciejak",
		francais:"Ce script est Copyright (C) 2004 David Maciejak");
		
 family["english"] = "Misc.";
 script_family(english:family["english"]);
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8000);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_kb_item("Services/www");
if(!port) port = 8000;

if(get_port_state(port))
{
#for now we just test the banner
soc = open_sock_tcp(port);
if(soc)
{
  req = http_head(item:"/", port:port);
  send(socket:soc,data:req);
  r = http_recv(socket:soc);
  close(soc);
  str = strstr(r, "icecast");
  if(str)
  {
    if(ereg(pattern:"icecast/2\.0\.0[^0-9])", string:str))
      security_hole(port);
  }
 }
}

--- NEW FILE: icecast_libshout_bof.nasl ---
#
#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
#  based on work from
#  (C) Tenable Network Security
#
#  Ref: Matt Messier <mmessier_at_prilnari.com> and John Viega <viega_at_list.org>
#
#  This script is released under the GNU GPL v2
#

if(description)
{
 script_id(15398);
 script_bugtraq_id(4735);
 script_cve_id("CAN-2001-1229");
 script_version ("$Revision: 1.1 $");
 
 name["english"] = "ICECast libshout remote buffer overflow";
 script_name(english:name["english"]);
 
 desc["english"] = "
The remote server runs a version of ICECast, an open source 
streaming audio server, which is older than version 1.3.9.

Icecast and the libshout library are affected by a remote buffer overflow because they do
not properly check bounds of data send from clients. 

As a result of this vulnerability, it is possible for a remote attacker to
cause a stack overflow and then execute arbitrary code with the privilege of the server.

*** Nessus reports this vulnerability using only
*** information that was gathered.

Solution : Upgrade to a newer version.
Risk factor : High";



 script_description(english:desc["english"]);
 
 summary["english"] = "Check icecast version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 2004 David Maciejak",
		francais:"Ce script est Copyright (C) 2004 David Maciejak");
		
 family["english"] = "Misc.";
 script_family(english:family["english"]);
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8000);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_kb_item("Services/www");
if(!port) port = 8000;

if(get_port_state(port))
{
soc = open_sock_tcp(port);
if(soc)
{
  req = http_head(item:"/", port:port);
  send(socket:soc,data:req);
  r = http_recv(socket:soc);
  close(soc);
  str = strstr(r, "icecast");
  if(str)
  {
    if(ereg(pattern:"icecast/1\.(0\.[0-4][^0-9]|1\.|3\.[0-8][^0-9])", string:str))
      security_hole(port);
  }
 }
}

--- NEW FILE: icecast_rbof.nasl ---
#
#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
#  based on work from
#  (C) Tenable Network Security
#
#  Ref: Andreas Hasenack <andreas_at_conectiva.com.br> and Matt Messier <mmessier_at_prilnari.com>
#
#  This script is released under the GNU GPL v2
#

if(description)
{
 script_id(15399);
 script_bugtraq_id(4743);
 script_cve_id("CAN-2001-1230");
 script_version ("$Revision: 1.1 $");
 
 name["english"] = "ICECast remote buffer overflow";
 script_name(english:name["english"]);
 
 desc["english"] = "
The remote server runs a version of ICECast, an open source 
streaming audio server, which is older than version 1.3.10.

This version is affected by a remote buffer overflow.

As a result of this vulnerability, it is possible for a remote attacker
to execute arbitrary code with the privilege of the server.

Solution : Upgrade to a newer version.
Risk factor : High";



 script_description(english:desc["english"]);
 
 summary["english"] = "Check icecast version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 2004 David Maciejak",
		francais:"Ce script est Copyright (C) 2004 David Maciejak");
		
 family["english"] = "Misc.";
 script_family(english:family["english"]);
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8000);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_kb_item("Services/www");
if(!port) port = 8000;

if(get_port_state(port))
{
soc = open_sock_tcp(port);
if(soc)
{
  req = http_head(item:"/", port:port);
  send(socket:soc,data:req);
  r = http_recv(socket:soc);
  close(soc);
  str = strstr(r, "icecast");
  if(str)
  {
    if(ereg(pattern:"icecast/1\.(1\.|3\.[0-9][^0-9])", string:str))
      security_hole(port);
  }
 }
}

--- NEW FILE: icecast_slash_dos.nasl ---
#
#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
#  based on work from
#  (C) Tenable Network Security
#
#  Ref: gollum <gollum_at_evilemail.com>
#
#  This script is released under the GNU GPL v2
#

if(description)
{
 script_id(15400);
 script_bugtraq_id(2933);
 script_cve_id("CAN-2001-1083");
 if (defined_func("script_xref")) script_xref(name:"OSVDB", value:"5472");
 script_version ("$Revision: 1.1 $");
 
 name["english"] = "ICECast crafted URL DoS";
 script_name(english:name["english"]);
 
 desc["english"] = "
The remote server runs a version of ICECast, an open source 
streaming audio server, which is older than version 1.3.11.

This version is affected by a remote denial of service because
Icecast server does not properly sanitize user-supplied input.

An remote attacker could send specially crafted URL, by adding '/', '\' or '.' to the end,
that may result in a loss of availability for the service.

*** Nessus reports this vulnerability using only
*** information that was gathered.

Solution : Upgrade to a newer version.
Risk factor : High";


 script_description(english:desc["english"]);
 
 summary["english"] = "Check icecast version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 
 script_copyright(english:"This script is Copyright (C) 2004 David Maciejak",
		francais:"Ce script est Copyright (C) 2004 David Maciejak");
		
 family["english"] = "Misc.";
 script_family(english:family["english"]);
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8000);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

port = get_kb_item("Services/www");
if(!port) port = 8000;

if(get_port_state(port))
{
#for now we just test the banner
soc = open_sock_tcp(port);
if(soc)
{
  req = http_head(item:"/", port:port);
  send(socket:soc,data:req);
  r = http_recv(socket:soc);
  close(soc);
  str = strstr(r, "icecast");
  if(str)
  {
    if(ereg(pattern:"icecast/1\.(1\.|3\.([0-9]|10)[^0-9])", string:str))
      security_hole(port);
  }
 }
}

Previous by Date: nessus-plugins/scripts icecast_http_header_overflow.nasl,1.2,1.3
Next by Date: nessus-plugins/scripts w_agora_input_vulnerabilities.nasl,NONE,1.1
Previous by Thread: nessus-plugins/scripts http_func.inc,1.73,1.74
Next by Thread: nessus-plugins/scripts icecast_http_basic_auth.nasl,1.1,1.2
Nessus-cvs October 2004 archives indexes sorted by: [ thread ] [ subject ] [ author ] [ date ]
Nessus-cvs list archive Table of Contents
More information about the Nessus-cvs mailing list

This archive was generated by a fusion of Pipermail 0.09 (Mailman edition) and MHonArc 2.6.8.