Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 261182

Summary: media-sound/shoutcast-server-bin DNAS Relay Server Buffer Overflow Vulnerability
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: sound
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/33467/
Whiteboard: B1 [noglsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2009-03-04 16:27:45 UTC 
Secunia wrote:
Secunia Research has discovered a vulnerability in SHOUTcast, which
can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to a boundary error in DNAS when
receiving data from a relay master server. This can be exploited to
overflow a static buffer by tricking a SHOUTcast admin into setting
up a server to act as relay for a malicious server.

Successful exploitation allows to e.g. overwrite the password of the
web administration interface.

The vulnerability is confirmed in version 1.9.8 for Windows. Other
versions may also be affected.

SOLUTION:
Relay trusted servers only.

PROVIDED AND/OR DISCOVERED BY:
Stefan Cornelius, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2008-62/
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 02:40:58 UTC 
No upstream fix, secunia suggests relaying trusted servers only. @maintainers: p.mask? I would be okay with an elog warning users about that, but there's a second part to that secunia advisory:


2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. ban an IP address or subnet if a logged-in administrator visits a malicious web site.

This vulnerability is confirmed in version 1.9.8 for Windows and Linux. Other versions may also be affected.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2016-03-21 11:51:50 UTC 
# Aaron Bauman <bman@gentoo.org> (19 Mar 2016)
# Unpatched security vulnerability per bug #261182.
# Masked for removal in 30 days.
media-sound/shoutcast-server-bin
media-sound/shoutcast-trans-bin
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-04-26 08:28:36 UTC 
packages tree cleaned