Flaw in Icecast streaming media server allows attackers to take online radio stations off the air
5.11.2018 securityaffairs Vulnerability
The Icecast streaming media server is affected by a flaw that an attacker could exploit to take online radio stations off the air.
The Icecast streaming media server is affected by a vulnerability, tracked as CVE-2018-18820, that an attacker could exploit to take online radio stations off the air. Icecast supports both audio and video data and is maintained by the Xiph.org Foundation. Icecast is distributed under the GNU GPL, version 2. It can be used to create an Internet radio station, a privately running jukebox, and many things in between.
The vulnerability was discovered by a researcher at the Semmle Security Research Team using LGTM, software that analyzes code for vulnerabilities.
“I spotted a vulnerability in Icecast, the open source streaming media server maintained by the Xiph.org Foundation.” reads the security advisory.
“Attackers could craft HTTP headers that would overwrite the server’s stack contents, leading to remote code execution. Since Icecast is commonly used to host internet radio stations, a motivated attacker could potentially take a station off air.”
The flaw affects Icecast servers running versions 2.4.0 to 2.4.3 and using URL authentication.
The expert developed a proof-of-concept exploit that caused a segmentation fault in the server process, triggering a DoS condition. The expert pointed out that, with further effort, a persistent attacker could achieve full-blown remote code execution on the vulnerable system.
The experts at Xiph promptly patched the flaw with minimal effort and a smart solution.
“The folks at Xiph patched the bug quickly, and the fix is pretty simple. It simply checks the return value from snprintf, and, if it causes post_offset to point beyond the end of the buffer, it logs an error and exits the loop.” continues the advisory.
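The check the advisory describes, as an added C example that is not Icecast's code or the advisory's: `snprintf` returns the length the output would have had without truncation, so an unchecked `offset += snprintf(...)` can carry the offset past the end of the buffer. Apart from `post_offset`, every name, the buffer size and the sample values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define POST_SIZE 32 /* constructed: small on purpose to force truncation */

/* Constructed sample values standing in for client-supplied header fields. */
static const char *const SAMPLE[] = {
    "ua=player", "ref=" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA", "x=1",
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Offset an unchecked `off += snprintf(...)` loop would reach. Measured with
 * snprintf(NULL, 0, ...), so nothing is written anywhere. */
static size_t unchecked_offset(const char *const *vals, size_t n)
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++)
        off += (size_t)snprintf(NULL, 0, "&%s", vals[i]);
    return off;
}

/* Checked loop: returns how many values were appended whole. Needs size > 0;
 * then *post_offset < size on every iteration, so `room` is never zero. */
static size_t append_checked(char *post, size_t size, const char *const *vals,
                             size_t n, size_t *post_offset)
{
    size_t i;
    post[0] = '\0';
    *post_offset = 0;
    for (i = 0; i < n; i++) {
        size_t room = size - *post_offset;
        int r = snprintf(post + *post_offset, room, "&%s", vals[i]);
        if (r < 0 || (size_t)r >= room) { /* error or truncated output */
            post[*post_offset] = '\0';    /* discard the partial field */
            fprintf(stderr, "field %zu does not fit, stopping\n", i);
            break;
        }
        *post_offset += (size_t)r;
    }
    return i;
}

int main(void)
{
    char post[POST_SIZE];
    size_t off, done = append_checked(post, sizeof post, SAMPLE, SAMPLE_N, &off);
    printf("unchecked %zu, checked %zu after %zu field(s): %s\n",
           unchecked_offset(SAMPLE, SAMPLE_N), off, done, post);
    return 0;
}
```

With the sample input the unchecked accounting ends up well past `POST_SIZE`, while the checked loop stops at the oversized field and leaves the buffer holding only the fields that fit.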
Users should upgrade their installs to version 2.4.4 as soon as possible.
Technical details of the vulnerability are included in the post published by Nick Rolfe of the Semmle Security Research Team.