| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Sep 2004 21:31:02 +0000 From: Luigi Auriemma <aluigi@...istici.org> To: bugtraq@...urityfocus.com Subject: Buffer overflow in Zinf 2.2.1 for Win32 I don't know why this bug has not been tracked but moreover I don't completely know why it has not been fixed yet in the Windows version of Zinf. In short, Zinf is an audio player for Linux and Windows: http://www.zinf.org The latest Linux version is 2.2.5 while the latest Windows version is 2.2.1 which is still vulnerable to a buffer-overflow bug in the management of the playlist files ".pls". This bug has been found and fixed by the same developers in the recent versions for Linux but, as already said, the vulnerable Windows version is still downloadable and can be exploited locally and remotely through the web browser and a malicious pls file. A simple proof-of-concept to test the bug is available here: http://aluigi.altervista.org/poc/zinf-bof.pls That's all, just to keep track of this bug and to warn who uses the Windows version. BYEZ --- Luigi Auriemma http://aluigi.altervista.org
Powered by blists - more mailing lists