NI3
11-06-2003, 12:23 PM
TITLE:
SHOUTcast Server "icy-name" and "icy-url" Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA10146
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
SHOUTcast 1.x
DESCRIPTION:
A vulnerability has been reported in SHOUTcast Server, which can be
exploited by malicious, authenticated users to compromise a
vulnerable system.
The vulnerability is caused by boundary errors when handling
input supplied to "icy-name" and "icy-url". These can be exploited to
cause buffer overflows by logging in and supplying overly long,
specially crafted strings (about 300 characters).
Successful exploitation may allow execution of arbitrary code with
the privileges of the service.
The vulnerability has been reported in version 1.9.2 for Windows.
Other versions may also be affected.
SOLUTION:
Grant only trusted users access to SHOUTcast Server.
REPORTED BY / CREDITS:
HEX
----------------------------------------------------------------------
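The advisory describes unbounded handling of the "icy-name" and "icy-url" values a source client sends. The following is an added example (not SHOUTcast's code) of parsing those headers with a length check that rejects over-long values instead of copying them into a fixed buffer; the 128-byte limit and the sample handshake are assumptions constructed for illustration.

```c
/* Added example, not SHOUTcast's own code: bounded handling of the
 * "icy-*" headers a source client sends. The 128-byte value limit is an
 * assumed value chosen to match the destination buffer. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define ICY_VALUE_MAX 128

/* Vulnerable pattern the advisory describes (not called here):
 *   char name[128]; strcpy(name, value);
 * A ~300-byte value overruns 'name'. The bounded version below refuses it. */

/* Copy the value of header 'key' from one "key:value" line into 'out'.
 * Returns the value length, 0 if the line is a different header,
 * or -1 if the value would not fit (rejected rather than truncated). */
static int icy_get(const char *line, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    if (strncasecmp(line, key, klen) != 0 || line[klen] != ':')
        return 0;
    const char *v = line + klen + 1;
    while (*v == ' ') v++;                  /* skip optional spaces */
    size_t vlen = strcspn(v, "\r\n");       /* value ends at line end */
    if (vlen >= outsz)
        return -1;
    memcpy(out, v, vlen);
    out[vlen] = '\0';
    return (int)vlen;
}

/* Scan a header block; count icy-name/icy-url values that exceed the limit. */
int icy_overlong_count(const char *block)
{
    int bad = 0;
    char buf[ICY_VALUE_MAX];
    for (const char *p = block; *p; ) {
        if (icy_get(p, "icy-name", buf, sizeof buf) < 0) bad++;
        if (icy_get(p, "icy-url", buf, sizeof buf) < 0) bad++;
        const char *nl = strchr(p, '\n');
        if (!nl) break;
        p = nl + 1;
    }
    return bad;
}

/* Constructed sample: a normal icy-name and a 300-byte icy-url. */
int icy_demo(void)
{
    char block[512], longval[301];
    memset(longval, 'A', 300); longval[300] = '\0';
    snprintf(block, sizeof block,
             "icy-name:My Station\r\nicy-url:%s\r\nicy-genre:Rock\r\n", longval);
    return icy_overlong_count(block);       /* 1 over-long value */
}
```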