Intrusion Prevention

Icecast.HTTP.Header.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in Icecast server.
Icecast is an audio broadcast system that streams music in both MP3 and Ogg Vorbis formats. A vulnerability is reported in it that may allow an attacker to execute arbitrary code on the vulnerable system. This is due to the application's failure to bounds check user HTTP requests. When exploiting this, an attacker may send a specially crafted HTTP request with more than 31 headers to overflow buffers and execute arbitrary code on the affected system.

Affected Products

Icecast 2.0.1 and earlier versions.

Impact

Compromise of the affected system.

Recommended Actions

Upgrade to Icecast 2.0.2 or later versions from the following URL:
http://svn.xiph.org/releases/icecast/

CVE References

CVE-2004-1561

Other References

1