Upstream information
Description
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | SUSE | |
---|---|---|
Base Score | 5 | 5 |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Access Vector | Network | Network |
Access Complexity | Low | Low |
Authentication | None | None |
Confidentiality Impact | None | None |
Integrity Impact | None | None |
Availability Impact | Partial | Partial |
SUSE Security Advisories:
- openSUSE-SU-2015:0728-1, published Thu, 16 Apr 2015 23:05:03 +0200 (CEST)
SUSE Timeline for this CVE
CVE page created: Wed Apr 8 15:19:53 2015CVE page last modified: Fri Oct 7 12:47:07 2022