Icecast: Vulnerability puts online radio stations at risk

A new vulnerability has been discovered in the Icecast streaming platform. Exploiting it may end the live relay of any station that uses the platform. The vulnerability is on the server side and is caused by a poor rights setting. When it is exploited, the server crashes and the relay is interrupted. In theory, remote code execution is also possible. To exploit the vulnerability, an attacker must send the server special HTTP headers that are much larger than usual.

Icecast is maintained by the Xiph.org organization and is a service through which video and audio can be relayed. Because it is available under a free software license and supports open communication standards, it is a fairly popular service, used primarily to broadcast online radio stations.

The problem appears to have been resolved in the latest patch release. The changelog characterizes the vulnerability as a buffer overflow that affects versions 2.4.0, 2.4.1, 2.4.2, and 2.4.3.

The security bug comes from a call to snprintf, which writes formatted output into a buffer. However, using this function does not by itself offer any security, and with certain techniques it can cause problems. Nick Rolfe of the Semmle Security Research Team reports that the snprintf function causes a buffer overflow if the size argument is larger than the buffer size.
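The following added example (not Icecast's code and not from the original article) shows one common way the size argument passed to snprintf can end up larger than the buffer: snprintf returns the length the full output would have had, not the number of bytes stored, so an offset accumulated from its return value can pass the end of the buffer. The buffer size, header strings and function names are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#define CAP 32  /* small stand-in for a fixed-size request buffer */

/* Constructed sample headers; the second is far larger than the buffer. */
static const char *const HDRS[] = {
    "Host: radio.example",
    "X-Pad: " "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA",
    "X-Id: 7",
};
#define NHDRS (sizeof HDRS / sizeof HDRS[0])

/* Flawed accounting: treats snprintf's return value as bytes written.
 * The loop stops before the call that would receive the wrapped size. */
size_t naive_offset(void)
{
    char buf[CAP];
    size_t off = 0;
    for (size_t i = 0; i < NHDRS && off < CAP; i++) {
        int r = snprintf(buf + off, CAP - off, "%s\r\n", HDRS[i]);
        if (r < 0) break;
        off += (size_t)r;            /* bug pattern: no truncation check */
    }
    return off;                      /* may exceed CAP */
}

/* Hardened append: rejects any header that does not fit completely. */
int safe_append(char *buf, size_t cap, size_t *off, const char *hdr)
{
    if (*off >= cap) return -1;
    size_t room = cap - *off;
    int r = snprintf(buf + *off, room, "%s\r\n", hdr);
    if (r < 0 || (size_t)r >= room) {
        buf[*off] = '\0';            /* drop the partial header */
        return -1;
    }
    *off += (size_t)r;
    return 0;
}

int main(void)
{
    char buf[CAP];
    size_t off = 0, bad = naive_offset();
    printf("naive offset %zu, next size argument %zu\n", bad, (size_t)CAP - bad);
    for (size_t i = 0; i < NHDRS; i++)
        printf("header %zu: %s\n", i, safe_append(buf, CAP, &off, HDRS[i]) ? "rejected" : "ok");
    return 0;
}
```

With the flawed accounting, the next size argument `CAP - off` wraps around to a huge unsigned value, so a further snprintf call would no longer be bounded by the real buffer.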

The vulnerability is no longer exploitable, as Icecast 2.4.4 was released on 1/11. It has been assigned the identifier CVE-2018-18820, and a proof-of-concept exploit has been published since October 16.

The author allows you to copy this text only if you cite the source (SecNews.gr) with an active link (live URL) to the article.