1. CVE-Search
  2. CVE-2015-3026
ID CVE-2015-3026
Summary Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
References
Vulnerable Configurations
  • cpe:2.3:a:xiph:icecast:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:1.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:1.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xiph:icecast:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:xiph:icecast:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 73965
confirm
debian DSA-3239
fedora
  • FEDORA-2015-13077
  • FEDORA-2015-13083
  • FEDORA-2015-13106
gentoo GLSA-201508-03
mlist
  • [Icecast-dev] 20150408 Icecast 2.4.2 - security release
  • [oss-security] 20150408 CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2
  • [oss-security] 20150408 Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2
suse openSUSE-SU-2015:0728
Last major update 30-10-2018 - 16:27
Published 29-04-2015 - 20:59
Last modified 30-10-2018 - 16:27
Back to Top