ISS X-Force Database: icecast-dot-directory-traversal(6752): Icecast URL encoded "dot dot" directory traversal

Icecast URL encoded "dot dot" directory traversal

icecast-dot-directory-traversal (6752)

Medium Risk

Description:

Icecast could allow a remote attacker to traverse directories on the Web server. A remote attacker can send a specially-crafted URL containing hexadecimal URL encoded "dot dot" sequences "/%2E%2E/" (in place of the standard "dot dot" sequences used for this type of attack) to traverse directories and read arbitrary files on the Web server.

Consequences:

Obtain Information

Remedy:

For Debian GNU/Linux 2.2:
Upgrade to the latest version of icecast (1.3.10-1 or later), as listed in DSA-089-2. See References.

For Red Hat Powertools 7.0 and 7.1:
Upgrade to the latest version of icecast (1.3.12-1 or later), as listed in Red Hat, Inc. RHSA-2002:063-05. See References.

For Caldera OpenLinux Server 3.1 and 3.1.1:
Upgrade to the latest version of icecast (1.3.12-1 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2002-020.0. See References.

For other distributions:
Contact your vendor for patch or upgrade information.

References:

BugTraq Mailing List, Tue Jun 26 2001 - 10:14:04 CDT: Advisory.
Caldera International, Inc. Security Advisory CSSA-2002-020.0: Linux: icecast buffer overflows and denial-of-service.
Digit-Labs Security Advisory DLA-25-06-2001: Security-issues with Icecast Version 1.3.7.
Icecast Web site: latest news.
BID-2932: Icecast Directory Traversal Vulnerability
CVE-2001-0784: Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.
DSA-089: icecast-server -- remote root exploit (and others)
OSVDB ID: 1883: Icecast Access Arbitrary Files
RHSA-2002-063: Updated icecast packages are available

Platforms Affected:

Debian Debian Linux 2.2
Icecast Icecast 1.3.8beta2 and prior
RedHat Linux Powertools 7.0
RedHat Linux Powertools 7.1
SCO Caldera OpenLinux Server 3.1
SCO Caldera OpenLinux Server 3.1.1

Reported:

Jun 26, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page