Icecast server denial of service when handling special file names

Published: 2001-12-06
Updated: 2001-12-06
Severity: Medium
Threat: Remote denial of service
Error type: Input validation error
Exploitation method: Server mode

Affected systems
Icecast Icecast 1.0.0

Detailed description
Icecast is an audio streaming server for UNIX and Windows.
Icecast does not properly filter user-supplied input. When it receives a user request in which the file name has '/' both before and after it, the server crashes and can no longer provide service.

Test code
http://localhost:8000/file//

Solution
Upgrade the program:
Icecast Icecast 1.0.0:
Debian Upgrade 2.2 alpha icecast-server_1.3.10-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/icecast-server_1.3.10-1_alpha.deb
Debian Upgrade 2.2 arm icecast-server_1.3.10-1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/icecast-server_1.3.10-1_arm.deb
Debian Upgrade 2.2 i386 icecast-server_1.3.10-1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/icecast-server_1.3.10-1_i386.deb
Debian Upgrade 2.2 m68k icecast-server_1.3.10-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/icecast-server_1.3.10-1_m68k.deb
Debian Upgrade 2.2 ppc icecast-server_1.3.10-1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/icecast-server_1.3.10-1_powerpc.deb
Debian Upgrade 2.2 sparc icecast-server_1.3.10-1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/icecast-server_1.3.10-1_sparc.deb

Related information
gollum <gollum@evilemail.com>
Reference: http://www.securityfocus.com/archive/1/193516
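The advisory classifies this as an input validation error on the requested file name. The following is an added example, not Icecast code and not part of the original advisory, which does not state the root cause: one defensive way to canonicalize a request path (collapsing repeated and trailing '/') before it reaches file-handling code. The function name `normalize_request_path` is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Icecast code): normalize an HTTP request path
 * into out[]. Collapses runs of '/', drops trailing '/', and rejects paths
 * that are not absolute, do not fit, or contain "." / ".." segments.
 * Returns 0 on success, -1 if the request should be refused. */
int normalize_request_path(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (in == NULL || out == NULL || outsz < 2 || in[0] != '/')
        return -1;
    for (size_t i = 0; in[i] != '\0'; ) {
        /* Skip the whole run of slashes before the next segment. */
        while (in[i] == '/')
            i++;
        if (in[i] == '\0')
            break;                      /* only trailing slashes were left */
        size_t start = i;
        while (in[i] != '\0' && in[i] != '/')
            i++;
        size_t len = i - start;
        if ((len == 1 && in[start] == '.') ||
            (len == 2 && in[start] == '.' && in[start + 1] == '.'))
            return -1;                  /* no relative segments */
        if (o + 1 + len + 1 > outsz)
            return -1;                  /* '/' + segment + NUL must fit */
        out[o++] = '/';
        memcpy(out + o, in + start, len);
        o += len;
    }
    if (o == 0)
        out[o++] = '/';                 /* "/" or "////" maps to the root */
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    /* Path portion of the advisory's test URL. */
    const char *req = "/file//";
    if (normalize_request_path(req, buf, sizeof buf) == 0)
        printf("%s -> %s\n", req, buf);
    else
        puts("request refused");
    return 0;
}
```

A server would answer a -1 result with an error response instead of passing the raw path on to its file lookup.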