8433726 2002-05-13 14:28 -0700 /122 lines/ <security@caldera.com>
Sent by: joel@lysator.liu.se
Imported: 2002-05-14 00:13 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
Recipient: Bugtraq (import) <22263>
Subject: Security Update: [CSSA-2002-020.0] Linux: icecast buffer overflows and denial-of-service
------------------------------------------------------------
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
    security-alerts@linuxsecurity.com
Message-ID: <20020513142815.O6601@caldera.com>

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________

            Caldera International, Inc.  Security Advisory

Subject:            Linux: icecast buffer overflows and denial-of-service
Advisory number:    CSSA-2002-020.0
Issue date:         2002 May 10
Cross reference:
______________________________________________________________________________


1. Problem Description

    Buffer overflows in the icecast server allow remote attackers to
    execute arbitrary code via a long HTTP GET request, as well as
    allowing denial of service attacks.


2. Vulnerable Supported Versions

    System                      Package
    ----------------------------------------------------------------------
    OpenLinux 3.1.1 Server      prior to icecast-1.3.12-1.i386.rpm
    OpenLinux 3.1 Server        prior to icecast-1.3.12-1.i386.rpm


3. Solution

    The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

    4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

    4.2 Packages

        83407efa0c40a9ceac02606ae37237f2  icecast-1.3.12-1.i386.rpm

    4.3 Installation

        rpm -Fvh icecast-1.3.12-1.i386.rpm

    4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

    4.5 Source Packages

        d55ff1702ff28781cf097566e34c91c5  icecast-1.3.12-1.src.rpm


5. OpenLinux 3.1 Server

    5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

    5.2 Packages

        acd0d312bcb7679c205eb5305d7d4585  icecast-1.3.12-1.i386.rpm

    5.3 Installation

        rpm -Fvh icecast-1.3.12-1.i386.rpm

    5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

    5.5 Source Packages

        b36bf262d34fb88e9a00b695b024916e  icecast-1.3.12-1.src.rpm


6. References

    Specific references for this advisory:

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1229
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1230
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0177

    Caldera OpenLinux security resources:

        http://www.caldera.com/support/security/index.html

    Caldera UNIX security resources:

        http://stage.caldera.com/support/security/

    This security fix closes Caldera incidents sr863781, fz520848 and
    erg712036.


7. Disclaimer

    Caldera International, Inc. is not responsible for the misuse of
    any of the information we provide on this website and/or through
    our security advisories. Our advisories are a service to our
    customers intended to promote secure installation and use of
    Caldera products.


8. Acknowledgements

    The "Packet Knights" group discovered some of these vulnerabilities.

______________________________________________________________________________
(8433726) / <security@caldera.com>/-------(Rewrapped)
Attachment (application/pgp-signature) in text 8433727

8433727 2002-05-13 14:28 -0700 /9 lines/ <security@caldera.com>
Imported: 2002-05-14 00:13 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
Recipient: Bugtraq (import) <22264>
Attachment (text/plain) to text 8433726
Subject: Attachment to: Security Update: [CSSA-2002-020.0] Linux: icecast buffer overflows and denial-of-service
------------------------------------------------------------
(8433727) / <security@caldera.com>/-----------------
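
Sections 4 and 5 list the same file name, icecast-1.3.12-1.i386.rpm, with a different checksum for each release, so a check made before `rpm -Fvh` has to take the value from the matching section. The shell functions below are an added example, not part of Caldera's advisory. They assume the 32-hex-digit values are MD5 sums (the advisory does not name the algorithm); `sample_advisory`, `expected_sum` and `verify_pkg` are hypothetical names.

```shell
#!/bin/sh
# Assumption: the 32-hex-digit values in the advisory are MD5 sums.

# Constructed sample: the package tables of sections 4 and 5, re-typed in the
# advisory's section layout (values copied from the advisory).
sample_advisory() {
cat <<'EOF'
4. OpenLinux 3.1.1 Server
    4.2 Packages
    83407efa0c40a9ceac02606ae37237f2 icecast-1.3.12-1.i386.rpm
5. OpenLinux 3.1 Server
    5.2 Packages
    acd0d312bcb7679c205eb5305d7d4585 icecast-1.3.12-1.i386.rpm
EOF
}

# expected_sum RELEASE FILE  (advisory text on stdin)
# Prints the checksum listed for FILE under the heading "N. RELEASE".
expected_sum() {
    awk -v rel="$1" -v file="$2" '
        # Top-level heading such as "5. OpenLinux 3.1 Server"; "5.2 ..." does not match.
        /^[ \t]*[0-9]+\.[ \t]/ {
            title = $0
            sub(/^[ \t]*[0-9]+\.[ \t]+/, "", title)
            sub(/[ \t]+$/, "", title)
            insec = (title == rel)   # exact match, so "3.1" never selects "3.1.1"
            next
        }
        insec && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 == file { print $1; exit }
    '
}

# verify_pkg ADVISORY_FILE RELEASE PATH
# Returns 0 on match, 1 on mismatch, 2 if the advisory lists no checksum.
verify_pkg() {
    want=$(expected_sum "$2" "$(basename "$3")" < "$1")
    [ -n "$want" ] || { echo "no checksum for $3 under '$2'" >&2; return 2; }
    have=$(md5sum "$3" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "MISMATCH $3: $have" >&2; return 1; }
    echo "OK $3"
}

# Same file name, different checksum per release:
sample_advisory | expected_sum "OpenLinux 3.1.1 Server" icecast-1.3.12-1.i386.rpm
sample_advisory | expected_sum "OpenLinux 3.1 Server"   icecast-1.3.12-1.i386.rpm
```

With the advisory saved to a file, run `verify_pkg` on the downloaded package for your release and install only when it returns 0.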