Icecast XSL Parser Multiple Vulnerabilities (OF, ID)

medium Nessus Plugin ID 17592

Synopsis

The remote media streaming server is affected by multiple issues.

Description

The remote host is running a version of Icecast that suffers from two flaws in its XSL parser.

- A locally exploitable buffer overflow vulnerability: the XSL parser does not check the size of XSL 'when', 'if', and 'value-of' tag values before copying them into a fixed-size buffer in process memory. An attacker who can get a specially crafted XSL file placed in an Icecast folder may be able to exploit this to execute arbitrary code.

- An information disclosure vulnerability: when a request ends with a dot ('.'), the XSL parser does not process the XSL file and instead returns its raw contents. An attacker can exploit this to uncover sensitive information contained in XSL files.
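For the information disclosure issue, a log review can show whether such requests have reached the server. The following is an added example, not part of the plugin or of Icecast: it assumes the access log uses Common Log Format-style lines and that XSL files carry an `.xsl` extension, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: access log lines follow Common Log Format
# (host ident user [time] "METHOD target PROTO" status bytes ...).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def trailing_dot_xsl(target):
    """True if the request path names an .xsl file followed by one or more dots."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode %2e
    stripped = path.rstrip(".")
    return stripped != path and stripped.lower().endswith(".xsl")

def find_hits(lines):
    """Return parsed records for requests matching the trailing-dot pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not trailing_dot_xsl(m["target"]):
            continue
        hits.append({
            "host": m["host"],
            "time": m["time"],
            "target": m["target"],
            "status": int(m["status"]),
            # A 200 with a non-empty body suggests file contents were returned.
            "served": m["status"] == "200" and m["size"] not in ("-", "0"),
        })
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [22/Mar/2005:10:01:02 +0000] "GET /example.xsl HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0',
    '198.51.100.7 - - [22/Mar/2005:10:03:44 +0000] "GET /example.xsl. HTTP/1.0" 200 2048 "-" "-" 0',
    '198.51.100.7 - - [22/Mar/2005:10:03:51 +0000] "GET /dir/example.xsl%2e?x=1 HTTP/1.0" 401 0 "-" "-" 0',
    '192.0.2.10 - - [22/Mar/2005:10:05:00 +0000] "GET /stream.ogg HTTP/1.1" 200 904122 "-" "VLC" 35',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

Hits with `served` set to true are the ones to review first, since the response carried a body.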

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/393705

http://lists.xiph.org/pipermail/icecast/2005-March/008882.html

Plugin Details

Severity: Medium

ID: 17592

File Name: icecast_xsl_parser_flaws.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 3/22/2005

Updated: 1/19/2021

Dependencies: http_version.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:POC/RL:OF/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/19/2005

Reference Information

CVE: CVE-2005-0837, CVE-2005-0838

BID: 12849