ALT-PU-2018-2245-1

Package update icecast in branch p8

Version2.4.3-alt0.M80P.1

Published2018-08-29

Max severityMEDIUM

Severity:

Closed issues (4)

MEDIUM5.0

icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.

Published: 2012-11-20Modified: 2026-04-29

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

MEDIUM5.0

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.

Published: 2014-12-03Modified: 2025-04-12

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

References

MEDIUM4.6

Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

Published: 2014-12-10Modified: 2025-04-12

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

References

MEDIUM5.0

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."

Published: 2015-04-29Modified: 2025-04-12

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References