SB2015052101 - NULL pointer dereference in icecast (Alpine package)
Published: May 21, 2015
Security Bulletin ID
SB2015052101
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2015-3026)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=39554ea06d8d10fb80ea89d8f7389b92e9fc2d40
- https://git.alpinelinux.org/aports/commit/?id=c4bc429979e1dd3aba76cda0dcf3b0575f149fef
- https://git.alpinelinux.org/aports/commit/?id=fc07a55220941f45298f2f02692d3a450ba4f1e3
- https://git.alpinelinux.org/aports/commit/?id=3a14e6657cc04105404e55c95210e7d2d9fbe216