oss-sec mailing list archives
Re: Re: CVE request: icecast: possible leak of on-connect scripts
From: jmm () debian org
Date: Tue, 25 Nov 2014 22:13:06 +0100
On Thu, Nov 20, 2014 at 09:52:44AM -0500, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1It was reported that Icecast could possibly leak the contents of on-connect scripts to clients, which may contain sensitive information. This issue has been fixed in the 2.4.1 release:"Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR corruption due to shared file descriptors."Information contained can include passwordshttp://icecast.org/news/icecast-release-2_4_1/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222 https://trac.xiph.org/ticket/2089 https://trac.xiph.org/ticket/2087 https://trac.xiph.org/changeset/19308Use CVE-2014-9018.
I think this icecast2 issue should also receive a CVE ID: https://trac.xiph.org/changeset/19137/ Cheers, Moritz
Current thread:
- CVE request: icecast: possible leak of on-connect scripts Murray McAllister (Nov 19)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 20)
- Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 25)
- Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 20)