Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?

From: FraMe (frameat_private)
Date: Fri Aug 03 2001 - 01:29:20 PDT

Next message: Tony Lambiris: "Re: snmpd log files long names problems"

Previous message: KF: "[Fwd: OpenUnix 8 dtaction dtprintinfo dtsession overflows]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vendor   :  Nullsoft
Product  :   SHOUTcast Server 1.8.2 Linux/win32/?
Date     :  01/08/2001

CONTENTS

1. Overview
2. Details
3. Systems.
4. Denial of Service
5. Vendor Response

1. Overview:

SHOUTcast Server is a streaming audio server. A "bad" client request can
crash the server.

2. Details

Server crash when get, seven
times ( aprox ), a very long buffer (4KB) in fields: User-Agent and
Host, in the client HTTP request.

3. Systems

    - SHOUTcast Server 1.8.2 ( Linux )
    - SHOUTcast Server 1.8.2 ( Win32 )
    - SHOUTcast Server 1.8.2 ( Others ) ( No test )

4. DoS

The DoS in C format is attached.

5. Vendor Response

31/08/01: Sent problem to tomat_private

03/08/01: No response from tomat_private
                Sent problem to bugtraqat_private


=================================================
[ FraMe - frameat_private ]
[ Digital LiVe - http://frame.lifefromthenet.com ]
[ PGP Key - www.hispalab.com/frame/pgpkey.asc  ]
[ Geek Code - www.hispalab.com/frame/geek.txt ]
=================================================

application/octet-stream attachment: shoutdos.c

Next message: Tony Lambiris: "Re: snmpd log files long names problems"
Previous message: KF: "[Fwd: OpenUnix 8 dtaction dtprintinfo dtsession overflows]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 07:54:33 PDT