lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <KFEMINDBKGBEMHACCJHCMEHKFDAA.brett.moore@security-assessment.com>
Date: Wed, 24 Nov 2004 16:05:46 +1300
From: "Brett Moore" <brett.moore@...urity-assessment.com>
To: "Bugtraq@...urityfocus. Com" <bugtraq@...urityfocus.com>
Subject: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]


========================================================================
= Winamp - Buffer Overflow In IN_CDDA.dll
=
= Affected Software:
=       Winamp 5.05, 5.06
=
= Public disclosure on November 24, 2004
========================================================================

== Overview ==

Hate to be the bearer of bad news.

It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
issue that we notified Nullsoft about. This is obviously not good. 

As we wrote in our advisory we were notified by email that the issue had
been fixed and an update posted to the website. 

We have sent Nullsoft a copy of this email, and hope that they can remedy
this problem quickly. Unfortunately, this may not be the case as was
pointed out to me by somebody.

== Solutions ==

- Disassociate .cda and .m3u extensions from winamp
- Wait for an update

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com  


######################################################################
CONFIDENTIALITY NOTICE: 

This message and any attachment(s) are confidential and proprietary. 
They may also be privileged or otherwise protected from disclosure. If 
you are not the intended recipient, advise the sender and delete this 
message and any attachment from your system. If you are not the 
intended recipient, you are not authorised to use or copy this message 
or attachment or disclose the contents to any other person. Views 
expressed are not necessarily endorsed by Security-Assessment.com 
Limited. Please note that this communication does not designate an 
information system for the purposes of the New Zealand Electronic 
Transactions Act 2003.
######################################################################


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ