Vulnerability Bulletins |
Cross-site scripting en icecast-server |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | icecast-server <= 1.3.11 |
Description |
|
|
Se ha encontrado una vulnerabilidad de cross site scripting en list.cgi del servidor web icecast. La variable UserAgent se maneja incorrectamente de tal forma que un atacante podría ejecutar comandos de Java script. |
|
Solution |
|
|
Actualización de software Debian Fuentes http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2.dsc http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2.tar.gz Arquitectura Alpha http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_alpha.deb Arquitectura ARM http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_arm.deb Arquitectura Intel IA-32 http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_i386.deb Arquitectura Intel IA-64 http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_ia64.deb Arquitectura HP Precision http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_hppa.deb Arquitectura Motorola 680x0 http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_m68k.deb Arquitectura Big endian MIPS http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_mips.deb Arquitectura Little endian MIPS http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_mipsel.deb Arquitectura PowerPC http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_powerpc.deb Arquitectura IBM S/390 http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_s390.deb Arquitectura Sun Sparc http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_sparc.deb |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0781 |
| BID | |
Other resources |
|
|
Debian Security Advisory DSA 541-1 htp://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00144.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-08-26 |