Privilege Escalation in Icecast by Xiph.org Software
CVE-2014-9091

Currently unrated

Key Information:

Vendor: Icecast
Status: Icecast
Vendor: CVE Published:; 10 December 2014

What is CVE-2014-9091?

The Icecast server, prior to version 2.4.0, exhibits a vulnerability that fails to modify the supplementary group privileges when the directive is set. This oversight allows local users to exploit various unspecified vectors to gain elevated privileges, potentially compromising the integrity and security of the server and any associated data.

References

http://seclists.org/oss-sec/2014/q4/794

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1168146

x_refsource_CONFIRM

https://trac.xiph.org/changeset/19137/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2014
Vulnerability Reserved
Nov 26, 2014

CVE-2014-9091 Data

JSON