Icecast 2.4.1 Null Pointer DoS

2015-04-30 / 2015-05-01
Credit: dm8tbr
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Icecast can be killed by anyone with a simple HTTP request when <authentication type="url"> is used and a stream_auth handler is defined.

Example configuration:

    <mount>
        <mount-name>/test.ogg</mount-name>
        <authentication type="url">
            <option name="stream_auth" value="http://localhost/auth"/>
        </authentication>
    </mount>

Proof of concept exploit:

    curl "http://stream.example.org:8000/admin/killsource?mount=/test.ogg"

This happens if no logon credentials are sent with the request. The crash happens regardless of a source client being connected to the vulnerable mountpoint.

Index: src/auth_url.c =================================================================== --- a/src/auth_url.c +++ b/src/auth_url.c @@ -540,7 +540,17 @@ port = config->port; config_release_config (); - user = util_url_escape (client->username); - pass = util_url_escape (client->password); ipaddr = util_url_escape (client->con->ip); + + if (client->username) { + user = util_url_escape(client->username); + } else { + user = strdup(""); + } + + if (client->password) { + pass = util_url_escape(client->password); + } else { + pass = strdup(""); + } snprintf (post, sizeof (post),
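
Review bot: the two new else branches assign strdup("") to user and pass without checking the result, so on allocation failure both can still be NULL when the code reaches the snprintf (post, sizeof (post), ... call that follows. Consider checking the return value and failing the auth request cleanly instead of continuing. The unchanged line ipaddr = util_url_escape (client->con->ip); gets no equivalent guard; if client->con->ip can ever be unset it deserves the same treatment. Minor style point: the added util_url_escape( calls drop the space before the parenthesis that the surrounding lines use.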

References:

https://trac.xiph.org/ticket/2191
https://trac.xiph.org/changeset/27abfbbd688df3e3077b535997330aa06603250f/icecast-server
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
http://www.openwall.com/lists/oss-security/2015/04/08/8
http://www.openwall.com/lists/oss-security/2015/04/08/11
http://lists.xiph.org/pipermail/icecast-dev/2015-April/002460.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00030.html
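
To find which mounts in a deployed configuration match the condition described in the advisory (URL authentication with a stream_auth handler), the following Python audit is an added example, not part of the original advisory or of Icecast. The sample configuration is constructed, and the function name affected_mounts is an assumption of this example.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample icecast.xml fragment (not from a real deployment).
SAMPLE_CONFIG = """\
<icecast>
  <mount>
    <mount-name>/test.ogg</mount-name>
    <authentication type="url">
      <option name="stream_auth" value="http://localhost/auth"/>
    </authentication>
  </mount>
  <mount>
    <mount-name>/listeners.ogg</mount-name>
    <authentication type="url">
      <option name="listener_add" value="http://localhost/listener"/>
    </authentication>
  </mount>
  <mount>
    <mount-name>/open.ogg</mount-name>
  </mount>
</icecast>
"""

def affected_mounts(config_xml):
    """Return (mount-name, stream_auth URL) pairs matching the advisory's condition."""
    root = ET.fromstring(config_xml)
    hits = []
    for mount in root.iter("mount"):
        name = (mount.findtext("mount-name") or "").strip() or "<unnamed>"
        for auth in mount.findall("authentication"):
            # Only URL-based authentication is named in the advisory.
            if (auth.get("type") or "").strip().lower() != "url":
                continue
            for opt in auth.findall("option"):
                # A defined stream_auth handler is the second half of the condition.
                if opt.get("name") == "stream_auth":
                    hits.append((name, opt.get("value", "")))
    return hits

if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            xml_text = fh.read()
    else:
        xml_text = SAMPLE_CONFIG
    for name, url in affected_mounts(xml_text):
        print(f"{name}: url auth with stream_auth handler -> {url}")
```

Any mount it reports should be running a build that includes the fix referenced above.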

