String format vulnerability in icecast
| Advisory: | RHSA-2001:004-04 |
|---|---|
| Type: | Security Advisory |
| Severity: | N/A |
| Issued on: | 2001-01-23 |
| Last updated on: | 2001-01-24 |
| Affected Products: | Powertools 6.2, Powertools 7.0 |
| CVEs (cve.mitre.org): | CVE-2001-0197 |
Details
A remote vulnerability allows execution of arbitrary code.
A string format vulnerability that allows the execution of arbitrary
commands exists in all versions of icecast. A patch was posted to Bugtraq
to solve the problem and has been incorporated into this update. All users
of icecast should apply this update.
Solution
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Updated packages
| Powertools 6.2 | |
|---|---|
| SRPMS: | |
| ftp://updates.redhat.com/rhn/repository/NULL/icecast/1.3.8.beta2-2/SRPMS/icecast-1.3.8.beta2-2.src.rpm Missing file | MD5: 6e10a41120782afa633229384a3de9f5 |
| Alpha: | |
| ftp://updates.redhat.com/rhn/repository/NULL/icecast/1.3.8.beta2-2/alpha/icecast-1.3.8.beta2-2.alpha.rpm Missing file | MD5: feba1b51874808c6d59eae717adc116d |
| IA-32: | |
| ftp://updates.redhat.com/rhn/repository/NULL/icecast/1.3.8.beta2-2/i386/icecast-1.3.8.beta2-2.i386.rpm Missing file | MD5: 17f5ed6b597b38456faff7e8bd1eb828 |
| Sparc: | |
| ftp://updates.redhat.com/rhn/repository/NULL/icecast/1.3.8.beta2-2/sparc/icecast-1.3.8.beta2-2.sparc.rpm Missing file | MD5: e8c06fc3348e60a3053e7fad06dedeec |
| Powertools 7.0 | |
| SRPMS: | |
| icecast-1.3.8.beta2-3.src.rpm File outdated by: RHSA-2002:063 | MD5: 417343d579a7067720300adc8c99b38d |
| Alpha: | |
| icecast-1.3.8.beta2-3.alpha.rpm File outdated by: RHSA-2002:063 | MD5: b728ad07c46c37221e98d5ee905efb2d |
| IA-32: | |
| icecast-1.3.8.beta2-3.i386.rpm File outdated by: RHSA-2002:063 | MD5: 9fc78917546ab1bc41fb9951d47bf749 |
References
https://www.redhat.com/security/data/cve/CVE-2001-0197.html
Thanks to |CyRaX| <cyrax@pkcrew.org> for finding the problem and posting it
to Bugtraq. For more information please see
http://www.securityfocus.com/vdb/bottom.html?vid=2264
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
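The update step under Solution and the signing note above can be combined into one check-then-install routine. The following is an added example, not part of the original advisory: the function names are hypothetical, and the `rpm -K` output patterns it matches are assumptions based on common rpm output, which varies between rpm versions.

```shell
#!/bin/sh
# Added example: check a downloaded RPM against the MD5 listed in the
# advisory and against its GPG signature before running "rpm -Fvh".
# All function names here are hypothetical.

# md5_matches FILE EXPECTED_MD5
# Returns 0 when FILE's MD5 equals the listed value (case-insensitive),
# 1 on mismatch, 2 when the file cannot be read.
md5_matches() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || return 2
    actual=$(md5sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# has_good_signature "RPM_K_OUTPUT_LINE"
# "rpm -K" can report success for an unsigned package because the digests
# alone verify, so require a signature keyword in the result as well.
# Assumed formats: "pkg.rpm: md5 gpg OK", "pkg.rpm: digests signatures OK".
has_good_signature() {
    case "$1" in
        *"NOT OK"*) return 1 ;;
    esac
    result=${1##*: }          # drop the "filename: " prefix
    case "$result" in
        *gpg*OK|*pgp*OK|*signatures*OK) return 0 ;;
    esac
    return 1
}

# verify_and_update FILE EXPECTED_MD5
# Freshens the installed package only when both checks pass. The Red Hat
# public key must already be imported for the signature check to succeed.
verify_and_update() {
    md5_matches "$1" "$2" || { echo "MD5 mismatch or unreadable: $1" >&2; return 1; }
    line=$(rpm -K "$1" 2>&1) || { echo "rpm -K failed: $line" >&2; return 1; }
    has_good_signature "$line" || { echo "no valid signature: $line" >&2; return 1; }
    rpm -Fvh "$1"
}

# Usage: verify_and_update ./icecast-<version>.<arch>.rpm <MD5 listed for that file>
```

The MD5 comparison only confirms that the file matches the one listed in the table; the GPG signature is the check that ties the package to Red Hat.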
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/