oss-sec mailing list archives
Re: CVE request: icecast: possible leak of on-connect scripts
From: cve-assign () mitre org
Date: Thu, 20 Nov 2014 09:52:44 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It was reported that Icecast could possibly leak the contents of on-connect scripts to clients, which may contain sensitive information. This issue has been fixed in the 2.4.1 release:
"Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR corruption due to shared file descriptors."
Information contained can include passwords
http://icecast.org/news/icecast-release-2_4_1/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222 https://trac.xiph.org/ticket/2089 https://trac.xiph.org/ticket/2087 https://trac.xiph.org/changeset/19308
Use CVE-2014-9018. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUbf+QAAoJEKllVAevmvmsB/QH/iv2tkycZVO3mWFqsEkkNWSj v9B9xhVZzCGKnL3WU/89w6jszoCZfoJXA/kUPwnOzIyl2OpJNvHAKyRcONTo8gu8 rBpYYl2id90Xf4DEJucKjJFeMzo6q1BIxQAtOPro5VMBYZ+EC7Ups9AO0iMxzwr+ g9lusgsVy6jOEb+aeng3SX2GCgnwAv+SZ78wipPuBnxyO6Ec8W++lHOdB+7SDY/J 6A38oMJstLVy4PUSiHfNjK71Ej7m1Hx++mk3cMPXEINJh1dV9LcJEeAoANAePMma gRwboepBmq5FDDsV099VPfqMB4XQli3svZEjdkUCbPhjl1D4dj8s74i0uF9GGyI= =EjxT -----END PGP SIGNATURE-----
Current thread:
- CVE request: icecast: possible leak of on-connect scripts Murray McAllister (Nov 19)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 20)
- Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 25)
- Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 20)