OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: FraMe (framehispalab.com)
Date: Fri Aug 03 2001 - 03:29:20 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Vendor : Nullsoft
    Product : SHOUTcast Server 1.8.2 Linux/win32/?
    Date : 01/08/2001

    CONTENTS

    1. Overview
    2. Details
    3. Systems.
    4. Denial of Service
    5. Vendor Response

    1. Overview:

    SHOUTcast Server is a streaming audio server. A "bad" client request can
    crash the server.

    2. Details

    Server crash when get, seven
    times ( aprox ), a very long buffer (4KB) in fields: User-Agent and
    Host, in the client HTTP request.

    3. Systems

        - SHOUTcast Server 1.8.2 ( Linux )
        - SHOUTcast Server 1.8.2 ( Win32 )
        - SHOUTcast Server 1.8.2 ( Others ) ( No test )

    4. DoS

    The DoS in C format is attached.

    5. Vendor Response

    31/08/01: Sent problem to tomnullsoft.com

    03/08/01: No response from tomnullsoft.com
                    Sent problem to bugtraqsecurityfocus.com

    =================================================
    [ FraMe - framehispalab.com ]
    [ Digital LiVe - http://frame.lifefromthenet.com ]
    [ PGP Key - www.hispalab.com/frame/pgpkey.asc ]
    [ Geek Code - www.hispalab.com/frame/geek.txt ]
    =================================================