
Title: Shoutcast Server Buffer Crashes Server
Released by: PA Networks Internet
Date: 18th January 2001
The following information is being released by PA Networks to expose a potential problem with the Shoutcast Distributed Network Audio Server (DNAS) for Linux, version v1.7.1.

During testing of new streams the following was discovered.

Software Needed To Perform This Overflow:

Winamp (Any Version)

DSP Plugin for Audio Streaming

Microsoft Netshow Tools (Audio MP3 Codecs Only)

Shoutcast Server for Linux v1.7.1

Normally the Winamp client uses the DSP plugin to encode MP3 files and send a single stream to a DNAS Server (Shoutcast) for distribution to listeners. Entering a string in the description that runs past the visible field overflows the server, causing the Shoutcast server to crash. This has been tested and verified on the Linux version only, so we do not know if the Win32 version of DNAS is also affected.

The Linux server crashed with an "Error A" message and the server must be restarted.

It is possible to crash a server only when the server is running and no connections are active on the server. Once an active connection from a Winamp player is established, the condition is not exploitable. So you would have to catch a server in a "Sleep" state, meaning that it would be running but nothing is currently being broadcast.
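
A server-side length check for a source-supplied description field, as an added example that is not from the advisory or from the Shoutcast code. It assumes the crash comes from the description being copied into a fixed-size buffer; DESC_MAX, struct stream_meta and set_description are hypothetical names, and the control-byte check is an extra hardening assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical size: the advisory does not state the real field size. */
#define DESC_MAX 128

struct stream_meta {
    char description[DESC_MAX];   /* always NUL-terminated */
};

enum meta_status { META_OK = 0, META_TOO_LONG = -1, META_BAD_BYTE = -2 };

/*
 * Store a description received from a source client.
 * `len` is the number of bytes actually read from the socket, so the
 * function never relies on the sender to NUL-terminate the string or to
 * respect the length its own input box appears to allow.
 * On any error the previously stored description is left untouched.
 */
enum meta_status set_description(struct stream_meta *m,
                                 const char *input, size_t len)
{
    size_t i;

    /* Reject rather than truncate: oversized input is a protocol error.
     * `>=` keeps one byte free for the terminating NUL. */
    if (len >= sizeof m->description)
        return META_TOO_LONG;

    /* Refuse control bytes, including embedded NUL, CR and LF. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x20 || c == 0x7f)
            return META_BAD_BYTE;
    }

    memcpy(m->description, input, len);
    m->description[len] = '\0';
    return META_OK;
}
```

The check runs on the server for every source connection, because a limit enforced only by the client's visible input field does not constrain what arrives on the wire.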

Questions or concerns can be addressed to noc@panetworks.net.

PA Networks Internet

"It's Your Internet... So Use It!"

