Icecast HTTP Header Processing Remote Overflow

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server is prone to a buffer overflow attack.

Description :

The remote web server runs Icecast version 2.0.1 or older. Such
versions are affected by an HTTP header buffer overflow vulnerability
that may allow an attacker to execute arbitrary code on the remote
host with the privileges of the Icecast server process.

To exploit this flaw, an attacker needs to send 32 HTTP headers to the
remote host to overwrite a return address on the stack.

See also :

Solution :

Upgrade to Icecast 2.0.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 14843 (icecast_http_header_overflow.nasl)

Bugtraq ID: 11271

CVE ID: CVE-2004-1561

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now