Date: Fri, 26 Nov 2004 10:49:40 +0000
From: "alex cottle" <eddie5659@...mail.com>
To: brett.moore@...urity-assessment.com, bugtraq@...urityfocus.com
Subject: RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]


Dear Brett

I've noticed that you say this is for version 5.05. Just looked at Winamp's 
site, and they have a 5.06 version out. Is this one vulnerable as well?

Kind Regards

Alex Cottle


>From: "Brett Moore" <brett.moore@...urity-assessment.com>
>Reply-To: <brett.moore@...urity-assessment.com>
>To: "Bugtraq@...urityfocus. Com" <bugtraq@...urityfocus.com>
>Subject: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
>Date: Wed, 24 Nov 2004 16:05:46 +1300
>
>========================================================================
>= Winamp - Buffer Overflow In IN_CDDA.dll
>=
>= Affected Software:
>=       Winamp 5.05, 5.06
>=
>= Public disclosure on November 24, 2004
>========================================================================
>
>== Overview ==
>
>Hate to be the bearer of bad news.
>
>It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
>issue that we notified Nullsoft about. This is obviously not good.
>
>As we wrote in our advisory we were notified by email that the issue had
>been fixed and an update posted to the website.
>
>We have sent Nullsoft a copy of this email, and hope that they can remedy
>this problem quickly. Unfortunately, this may not be the case as was
>pointed out to me by somebody.
>
>== Solutions ==
>
>- Disassociate .cda and .m3u extensions from winamp
>- Wait for an update
>
>Brett Moore
>Network Intrusion Specialist, CTO
>Security-Assessment.com
>
>



