Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: icecas~1.htm

Icecast Remote DoS, Folder Traversal Exploit



Vulnerability

    Icecast

Affected

    Icecast v1.3.7

Description

    "gollum" found  following.   Icecast is  an audio-streaming server
    for Unix  and Windows(C)(TM).   Only the  Window version  has been
    tested.   Icecast  allows  for  remote  administration  and client
    access  by   a  web-interface.    Icecast   is  used   mainly   by
    radio-stations to broadcast audio on the in ternet.  Icecast  does
    not need a presence of  any particular web-server, it handles  all
    http-requests by itself.

    "gollum" discovered the following:
     - remote DoS attack,
     - folder traversal exploit.

    * Remote DoS attack *
    =====================
    If the server has enabled the http-server file streaming  support,
    a malicious client can perform  a DoS remeotly.  Http-server  file
    streaming support  is not  enabled by  default, but  is enabled by
    altering   variable   "staticdir"   in   the    configuration-file
    "icecast.conf".  The DoS causes an "Application Error" in Windows,
    thus crashing the Icecast-server completely.  The DoS is caused by
    adding an extra "/" or "\" behind the requested mp3-file.

    Complete the following steps to recreate the DoS:
    1. Start your Icecast-server
    2. Place  a  mp3-file  named  "test.mp3"  in  the  directory   you
       specified in the variable "staticdir"
    3. Open a web-browser and type

        http://www.someserver.zom:8000/file/test.mp3/

    * Folder traversal exploit *
    ============================
    Mp3-files  residing  outside  the  Web  catalog can be accessed by
    replacing  ascii-values  for  each  ".",  thus  using   "/%25%25/"
    instead of "/../" will walk one folder downward.

    Place a mp3-file named "test1.mp3" in the directory below the  one
    you  specified  in  the  variable  "staticdir".   Then  write  the
    following in your browser:

        http://localhost:8000/file/../test1.mp3 - Will fail in getting the file
        http://localhost:8000/file/%2E%2E/test1.mp3 - Will succeed in getting the file

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH