| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mooyix at gmail.com (Brendan Dolan-Gavitt) Subject: Winamp vulnerability : technical study and Exploit released This may have something to do with why that article is crap: http://www.winamp.com/about/article.php?aid=10627 On Wed, 24 Nov 2004 11:04:56 -0600, Rich Eicher <reicher@...il.com> wrote: > This may have something to do with why there is no patch out from Nullsoft. > > http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsoft_Winamp/1100111204 > > > > > On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de <elvi52001@...oo.com> wrote: > > > > > > exploit and technical study of the Winamp flaw posted by k-otik > > http://www.k-otik.com/exploits/20041124.winampm3u.c.php > > > > "..the cdda library only reserves 20 bytes for names when files are .cda, so > > the stack will be overwritten and exception occurs when a name looks like > > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cda" > > > > but still NO patch from Winamp !!! > > > > ________________________________ > > Do you Yahoo!? > > Yahoo! Mail - You care about security. So do we. > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists