Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Kevin Wetzel (kevinPANETWORKS.NET)
Date: Thu Jan 18 2001 - 00:46:04 CST
The following information is being released by PA Networks to expose a potential problem
with the Shoutcast server for Linux version v1.7.1 for Shoutcast Distributed Network
During testing of new streams the following was discovered.
Software Needed To Perform This Overflow:
Winamp (Any Version)
DSP Plugin for Audio Streaming
Microsoft Netshow Tools (Audio MP3 Codecs Only)
Shoutcast Server for Linux v1.7.1
Normally the Winamp client uses the DSP plugin to encode MP3 files and send a single
stream to a DNAS Server (Shoutcast) for distribution to listeners. By entering a string
in the description past the visible field the server will overflow causing the shoutcast
server to crash. This has been tested and verified on the Linux version only so we do not
know if the Win32 version of DNAS is also affected.
The Linux server crashed with an "Error A" message and the server must be restarted.
It is possible to crash a server only when the server is running and no connection are
active on the server. Once an active connection from a Winamp player is established the
condition is not exploitable. So you would have to catch a server in a "Sleep" state
meaning that it would be running but nothing is currently being broadcast.
Questions or concerns can be addressed to nocpanetworks.net.
PA Networks Internet
"It's Your Internet... So Use It!"