First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 136221
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Raphael Marichez <falco@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 136221 depends on: Show dependency tree
Bug 136221 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-06-09 13:10 0000 
Hi sound team,

http://secunia.com/advisories/20524/




Software:       SHOUTcast 1.x

Description:
UZUZZ has discovered some vulnerabilities in SHOUTcast, which can be exploited
by malicious users to conduct script insertion attacks.

Input passed to the "Description", "URL", "Genre", "AIM", and "ICQ" fields when
defining the broadcast properties is not properly sanitised before being used.
This can be exploited to inject arbitrary HTML and script code, which is
executed in a user's browser session in context of an affected site when the
malicious user data is viewed when accessing the main page.

Successful exploitation requires that the malicious DJ has broadcast access to
the vulnerable server.

The vulnerabilities have been confirmed in version 1.9.5. Other versions may
also be affected.

Solution:
Grant only trusted DJs broadcast access to a vulnerable server.

Provided and/or discovered by:
UZUZZ

------- Comment #1 From Raphael Marichez 2006-06-09 13:11:27 0000 ------- 
Waiting for a vendor patch or an official update

------- Comment #2 From Raphael Marichez 2006-06-18 04:29:48 0000 ------- 
still no upstream fix available

------- Comment #3 From Matthias Geerdsen 2006-07-04 06:20:07 0000 ------- 
has this been fixed in 1.9.7 (s. Bug #136721)

------- Comment #4 From Sune Kloppenborg Jeppesen 2006-07-04 11:59:23 0000 ------- 
Perhaps bundle GLSA with #136721

------- Comment #5 From Raphael Marichez 2006-07-05 06:59:41 0000 ------- 
(In reply to comment #4)
> Perhaps bundle GLSA with #136721 
> 

yes... i think we can combine the two bugs into the GLSA.

------- Comment #6 From Matthias Geerdsen 2006-07-06 06:40:43 0000 ------- 
Is this fixed in the new release though?

------- Comment #7 From Thierry Carrez (RETIRED) 2006-07-06 09:42:33 0000 ------- 
Yes, common GLSA

------- Comment #8 From Sune Kloppenborg Jeppesen 2006-07-09 10:37:13 0000 ------- 
GLSA 200607-05
First Last Prev Next    No search results available      Search page      Enter new bug