From: Kevin Wetzel (kevinPANETWORKS.NET)
Date: Thu Jan 18 2001 - 00:46:04 CST

    The following information is being released by PA Networks to expose a potential problem
    with the Shoutcast Distributed Network Audio Server (DNAS) for Linux, version v1.7.1.

    During testing of new streams the following was discovered.

    Software Needed To Perform This Overflow:
    Winamp (Any Version)
    DSP Plugin for Audio Streaming
    Microsoft Netshow Tools (Audio MP3 Codecs Only)
    Shoutcast Server for Linux v1.7.1

    Normally the Winamp client uses the DSP plugin to encode MP3 files and send a single
    stream to a DNAS server (Shoutcast) for distribution to listeners. Entering a string in
    the description that runs past the visible field overflows the server, causing the
    Shoutcast server to crash. This has been tested and verified on the Linux version only,
    so we do not know whether the Win32 version of DNAS is also affected.

    The Linux server crashed with an "Error A" message and the server must be restarted.

    It is possible to crash a server only when the server is running and no connections are
    active on the server. Once an active connection from a Winamp player is established, the
    condition is not exploitable. So you would have to catch a server in a "Sleep" state,
    meaning that it is running but nothing is currently being broadcast.

    Questions or concerns can be addressed to nocpanetworks.net.

    PA Networks Internet
    "It's Your Internet... So Use It!"
    http://www.panetworks.net