Security Advisory: Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?

[EN] securityvulns.ru
no-pyccku

Related information
  SHOUTcast Server buffer overflow
  SHOUTcast 1.8.9 bufferoverflow
  Shoutcast server 1.8.3 win32

From: FraMe <frame_(at)_hispalab.com>
Date: 13.08.2001
Subject: Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?

Vendor   : Nullsoft
Product :   SHOUTcast Server 1.8.2 Linux/win32/?
Date     : 01/08/2001

CONTENTS

1. Overview
2. Details
3. Systems.
4. Denial of Service
5. Vendor Response

1. Overview:

SHOUTcast Server is a streaming audio server. A "bad" client
request can
crash the server.

2. Details

Server crash when get, seven
times ( aprox ), a very long buffer (4KB) in fields: User-Agent
and
Host, in the client HTTP request.

3. Systems

   - SHOUTcast Server 1.8.2 ( Linux )
   - SHOUTcast Server 1.8.2 ( Win32 )
   - SHOUTcast Server 1.8.2 ( Others ) ( No test )

4. DoS

The DoS in C format is attached.

5. Vendor Response

31/08/01: Sent problem to tom@nullsoft.com

03/08/01: No response from tom@nullsoft.com
               Sent problem to bugtraq@securityfocus.com

=================================================
[ FraMe - frame@hispalab.com ]
[ Digital LiVe - http://frame.lifefromthenet.com ]
[ PGP Key - www.hispalab.com/frame/pgpkey.asc ]
[ Geek Code - www.hispalab.com/frame/geek.txt ]
=================================================