Thursday, November 8, 2012

Icecast security


Icecast is a server program used to stream in MP3 or Ogg Vorbis formats, which is very popular in Internet radio community. Many CDNs including Limelight use it to stream live MP3 streams. I've been browsing the web for typical vulnerabilities afflicting Icecast.  It looks like the trend is positive.  According to CVEdetails [2] the last vulnerability in the database dates 2007 and the trend has been declining :

Vulnerabilities By Year
  2001 5
 2002 2
 2004 3
 2005 2
 2007 1
Vulnerabilities By Type
  Denial of Service 5
 Execute Code 7
 Overflow 7
 Directory Traversal 2
 XSS 1
 Bypass Something 1

