| Vulnerability Name: | CVE-2015-3026 (CCN-102107) |
| Assigned: | 2015-04-08 |
| Published: | 2015-04-08 |
| Updated: | 2018-10-30 |
| Summary: | Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." CWE-476: NULL Pointer Dereference |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
| | 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) |
| | 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Denial of Service |
| References: | Source: MITRE; Type: CNA; CVE-2015-3026 |
| | Source: CCN; Type: Icecast Web site; Icecast is free server software for streaming multimedia. |
| | Source: FEDORA; Type: UNKNOWN; FEDORA-2015-13106 |
| | Source: FEDORA; Type: UNKNOWN; FEDORA-2015-13077 |
| | Source: FEDORA; Type: UNKNOWN; FEDORA-2015-13083 |
| | Source: SUSE; Type: Third Party Advisory; openSUSE-SU-2015:0728 |
| | Source: MLIST; Type: Vendor Advisory; [Icecast-dev] 20150408 Icecast 2.4.2 - security release |
| | Source: CCN; Type: oss-security Mailing List, Wed, 08 Apr 2015 13:03:24 +0000; CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 |
| | Source: CCN; Type: oss-security Mailing List, Wed, 08 Apr 2015 14:06:20 +0000; Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 |
| | Source: CCN; Type: oss-security Mailing List, Wed, 8 Apr 2015 16:02:40 -0400 (EDT); Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 |
| | Source: DEBIAN; Type: Third Party Advisory; DSA-3239 |
| | Source: MLIST; Type: Mailing List, Third Party Advisory; [oss-security] 20150408 Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 |
| | Source: MLIST; Type: Mailing List, Third Party Advisory; [oss-security] 20150408 CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2 |
| | Source: BID; Type: UNKNOWN; 73965 |
| | Source: CCN; Type: BID-73965; Icecast Remote Denial of Service Vulnerability |
| | Source: CONFIRM; Type: Issue Tracking; https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120 |
| | Source: XF; Type: UNKNOWN; icecast-streamauth-dos(102107) |
| | Source: GENTOO; Type: UNKNOWN; GLSA-201508-03 |
| | Source: CONFIRM; Type: Issue Tracking; https://trac.xiph.org/changeset/27abfbbd688df3e3077b535997330aa06603250f/icecast-server |
| | Source: CONFIRM; Type: Exploit, Issue Tracking; https://trac.xiph.org/ticket/2191 |
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable |