CVE - CVE-2015-3026

CVE-ID
CVE-2015-3026	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[Icecast-dev] 20150408 Icecast 2.4.2 - security release URL:http://lists.xiph.org/pipermail/icecast-dev/2015-April/002460.html MLIST:[oss-security] 20150408 CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 URL:http://www.openwall.com/lists/oss-security/2015/04/08/8 MLIST:[oss-security] 20150408 Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 URL:http://www.openwall.com/lists/oss-security/2015/04/08/11 CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120 CONFIRM:https://trac.xiph.org/changeset/27abfbbd688df3e3077b535997330aa06603250f/icecast-server CONFIRM:https://trac.xiph.org/ticket/2191 DEBIAN:DSA-3239 URL:http://www.debian.org/security/2015/dsa-3239 FEDORA:FEDORA-2015-13077 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164061.html FEDORA:FEDORA-2015-13083 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164074.html FEDORA:FEDORA-2015-13106 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163859.html GENTOO:GLSA-201508-03 URL:https://security.gentoo.org/glsa/201508-03 SUSE:openSUSE-SU-2015:0728 URL:http://lists.opensuse.org/opensuse-updates/2015-04/msg00030.html BID:73965 URL:http://www.securityfocus.com/bid/73965
Assigning CNA
N/A
Date Entry Created
20150408	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150408)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org