Message-ID: <BAY101-F277D543B4547323CCB31D8A9BA0@phx.gbl>
Date: Fri, 26 Nov 2004 10:49:40 +0000
From: "alex cottle" <eddie5659@...mail.com>
To: brett.moore@...urity-assessment.com, bugtraq@...urityfocus.com
Subject: RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]

Dear Brett

I've noticed that you say this is for version 5.05. Just looked at Winamp's
site, and they have a 5.06 version out. Is this one vulnerable as well?

Kind Regards

Alex Cottle

>From: "Brett Moore" <brett.moore@...urity-assessment.com>
>Reply-To: <brett.moore@...urity-assessment.com>
>To: "Bugtraq@...urityfocus. Com" <bugtraq@...urityfocus.com>
>Subject: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
>Date: Wed, 24 Nov 2004 16:05:46 +1300
>
>========================================================================
>= Winamp - Buffer Overflow In IN_CDDA.dll
>=
>= Affected Software:
>= Winamp 5.05, 5.06
>=
>= Public disclosure on November 24, 2004
>========================================================================
>
>== Overview ==
>
>Hate to be the bearer of bad news.
>
>It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
>issue that we notified Nullsoft about. This is obviously not good.
>
>As we wrote in our advisory we were notified by email that the issue had
>been fixed and an update posted to the website.
>
>We have sent Nullsoft a copy of this email, and hope that they can remedy
>this problem quickly. Unfortunately, this may not be the case as was
>pointed out to me by somebody.
>
>== Solutions ==
>
>- Disassociate .cda and .m3u extensions from winamp
>- Wait for an update
>
>Brett Moore
>Network Intrusion Specialist, CTO
>Security-Assessment.com
>
>
>######################################################################
>CONFIDENTIALITY NOTICE:
>
>This message and any attachment(s) are confidential and proprietary.
>They may also be privileged or otherwise protected from disclosure. If
>you are not the intended recipient, advise the sender and delete this
>message and any attachment from your system. If you are not the
>intended recipient, you are not authorised to use or copy this message
>or attachment or disclose the contents to any other person. Views
>expressed are not necessarily endorsed by Security-Assessment.com
>Limited. Please note that this communication does not designate an
>information system for the purposes of the New Zealand Electronic
>Transactions Act 2003.
>######################################################################