Icecast: Denial of Service — GLSA 201508-03

A bug in the Icecast code handling source client URL authentication causes a Denial of Service condition.

Affected Packages

net-misc/icecast on all architectures
Affected versions < 2.4.2
Unaffected versions >= 2.4.2

Background

Icecast is an open source alternative to SHOUTcast that supports MP3, Ogg (Vorbis/Theora) and AAC streaming.

Description

When a stream_auth handler is defined for URL authentication and a request is sent without login credentials, a Denial of Service condition can occur.

Impact

A remote attacker could possibly cause a Denial of Service condition.

Workaround

Users of affected versions can change stream_auth mountpoints to use password authentication instead.
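
To find the mountpoints the workaround applies to, the following added example (not part of the advisory or of the Icecast project) lists every mount in an icecast.xml that defines a stream_auth option under URL authentication. It assumes the Icecast 2.4 configuration layout, in which a mount carries an authentication element of type "url" with option elements inside it; the sample configuration and its host names are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample configuration (assumed Icecast 2.4 layout, not from the advisory).
SAMPLE_CONFIG = """\
<icecast>
  <mount>
    <mount-name>/live.ogg</mount-name>
    <authentication type="url">
      <option name="stream_auth" value="http://auth.example.invalid/stream_auth"/>
      <option name="listener_add" value="http://auth.example.invalid/listener_add"/>
    </authentication>
  </mount>
  <mount>
    <mount-name>/radio.mp3</mount-name>
    <password>constructed-placeholder</password>
    <authentication type="url">
      <option name="listener_add" value="http://auth.example.invalid/listener_add"/>
    </authentication>
  </mount>
  <mount>
    <mount-name>/archive.ogg</mount-name>
    <password>constructed-placeholder</password>
  </mount>
</icecast>
"""


def find_stream_auth_mounts(xml_text):
    """Return [(mount_name, stream_auth_url)] for mounts that use URL stream_auth."""
    root = ET.fromstring(xml_text)
    findings = []
    for mount in root.iter("mount"):
        name = (mount.findtext("mount-name") or "<unnamed>").strip()
        for auth in mount.findall("authentication"):
            # Only URL authentication blocks can carry a stream_auth handler.
            if (auth.get("type") or "").strip().lower() != "url":
                continue
            for opt in auth.findall("option"):
                if opt.get("name") == "stream_auth":
                    findings.append((name, opt.get("value", "")))
    return findings


if __name__ == "__main__":
    # Pass the path to your icecast.xml; without one, the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for name, url in find_stream_auth_mounts(text):
        print(f"{name}: stream_auth -> {url} (use password authentication or upgrade)")
```

Any mount it reports on a version below 2.4.2 is a candidate for the password-authentication workaround until the upgrade is applied.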

Resolution

All Icecast users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.2"
 

References

Release Date
August 15, 2015

Latest Revision
August 15, 2015: 1

Severity
normal

Exploitable
remote

Bugzilla entries