Summary
The remote host is missing an update to icecast-server announced via advisory DSA 541-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20541-1
Insight
Markus Wörle discovered a cross-site scripting problem in the status display (list.cgi) of the icecast internal webserver, an MPEG layer III streaming server. The UserAgent variable is not properly html_escaped, so an attacker could cause the client to execute arbitrary JavaScript commands.
For the stable distribution (woody) this problem has been fixed in version 1.3.11-4.2.
For the unstable distribution (sid) this problem has been fixed in version 1.3.12-8.
We recommend that you upgrade your icecast-server package.
Severity
Classification
CVE: CVE-2004-0781
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities