Security Advisory: String format vulnerability in icecast

Advisory: RHSA-2001:004-04
Type: Security Advisory
Severity: N/A
Issued on: 2001-01-23
Last updated on: 2001-01-24
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2001-0197

Details

A remote vulnerability allows execution of arbitrary code.

A string format vulnerability that allows the execution of arbitrary
commands exists in all versions of icecast. A patch was posted to Bugtraq
to solve the problem and has been incorporated into this update. All users
of icecast should apply this update.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2

alpha:
ftp://updates.redhat.com/6.2/alpha/icecast-1.3.8.beta2-2.alpha.rpm
    feba1b51874808c6d59eae717adc116d
 
i386:
ftp://updates.redhat.com/6.2/i386/icecast-1.3.8.beta2-2.i386.rpm
    17f5ed6b597b38456faff7e8bd1eb828
 
sparc:
ftp://updates.redhat.com/6.2/sparc/icecast-1.3.8.beta2-2.sparc.rpm
    e8c06fc3348e60a3053e7fad06dedeec
 
Red Hat Linux 7.0

alpha:
ftp://updates.redhat.com/7.0/alpha/icecast-1.3.8.beta2-3.alpha.rpm
    b728ad07c46c37221e98d5ee905efb2d
 
i386:
ftp://updates.redhat.com/7.0/i386/icecast-1.3.8.beta2-3.i386.rpm
    9fc78917546ab1bc41fb9951d47bf749
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0197
Thanks to |CyRaX| <cyrax@pkcrew.org> for finding the problem and posting it
to Bugtraq. For more information please see
http://www.securityfocus.com/vdb/bottom.html?vid=2264


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
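
The following script is an added example, not part of Red Hat's advisory: it checks a downloaded package against the value listed for it under "Updated packages", verifies the package signature, and only then runs rpm -Fvh. It assumes the 32-hex-digit values in that list are MD5 checksums and that Red Hat's key has already been imported; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded icecast update before installing it.
# Assumption: the 32-hex-digit values in the advisory are MD5 checksums.

# File name -> checksum pairs copied from the "Updated packages" list.
ADVISORY_SUMS='icecast-1.3.8.beta2-2.alpha.rpm feba1b51874808c6d59eae717adc116d
icecast-1.3.8.beta2-2.i386.rpm 17f5ed6b597b38456faff7e8bd1eb828
icecast-1.3.8.beta2-2.sparc.rpm e8c06fc3348e60a3053e7fad06dedeec
icecast-1.3.8.beta2-3.alpha.rpm b728ad07c46c37221e98d5ee905efb2d
icecast-1.3.8.beta2-3.i386.rpm 9fc78917546ab1bc41fb9951d47bf749'

# Print the advisory checksum for a package file name; fail if not listed.
expected_sum() {
    printf '%s\n' "$ADVISORY_SUMS" |
        awk -v n="$(basename "$1")" \
            '$1 == n { print $2; found = 1 } END { exit !found }'
}

# Succeed only if the file's MD5 matches the advisory entry for its name.
# Returns 2 for a file the advisory does not list, 1 for a mismatch.
verify_sum() {
    want=$(expected_sum "$1") || { echo "$1: not listed in advisory" >&2; return 2; }
    have=$(md5sum < "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "$1: checksum mismatch" >&2; return 1; }
}

# Checksum first, then package signature, then freshen. The checksum only
# catches a corrupted or swapped download; the signature checked by
# `rpm --checksig` is what ties the package to Red Hat's key.
apply_update() {
    verify_sum "$1" || return
    rpm --checksig "$1" || return
    rpm -Fvh "$1"
}

# Usage (hypothetical script name):
#   sh verify-icecast.sh ./icecast-1.3.8.beta2-3.i386.rpm
for pkg in "$@"; do
    apply_update "$pkg" || exit 1
done
```

Because `rpm -F` only upgrades packages that are already installed, running the script against a package for a release or architecture not present on the host changes nothing.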

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/