Information Leak in Icecast Streaming Server by Xiph.org
CVE-2014-9018

Currently unrated

Key Information:

Vendor: Icecast
Status: Icecast
Vendor: CVE Published:; 3 December 2014

What is CVE-2014-9018?

Icecast, prior to version 2.4.1, contains a vulnerability that exposes the output of on-connect scripts, potentially allowing remote attackers to capture sensitive information through shared file descriptors. This exploitation could lead to unauthorized access to data, thus compromising the security of the streaming server environment.

References

http://www.openwall.com/lists/oss-security/2014/11/19/23

mailing-listx_refsource_MLIST

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://icecast.org/news/icecast-release-2_4_1/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2014
Vulnerability Reserved
Nov 20, 2014

CVE-2014-9018 Data

JSON