lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070629023401.GC1275@isecpartners.com>
Date: Thu, 28 Jun 2007 19:34:02 -0700
From: David Thiel <david@...cpartners.com>
To: bugtraq@...urityfocus.com
Subject: flac123 0.0.9 - Stack overflow in comment parsing

iSEC Partners Security Advisory - 2007-002-flactools
http://www.isecpartners.com
--------------------------------------------

flac123 0.0.9 - Stack overflow in comment parsing

Vendor URL: http://flac-tools.sourceforge.net/
Severity: High (Allows for arbitrary code execution)
Author: David Thiel <david[at]isecpartners[dot]com>

Vendor notified: 2007-06-05
Public release: 2007-06-28
Systems affected: Verified code execution on FreeBSD 6.2 - should affect most 
	systems.
Advisory URL: http://www.isecpartners.com/advisories/2007-002-flactools.txt

Summary:
--------
flac123, also known as flac-tools, is vulnerable to a buffer overflow in
vorbis comment parsing. This allows for the execution of arbitrary code.

Details:
--------
The function local__vcentry_parse_value() in vorbiscomment.c does not
correctly handle a long value_length, causing it to overflow the buffer
"dest" during memcpy().

Fix Information:
----------------
This is the sole issue corrected in version 0.0.10.

Thanks to:
----------
Dan Johnson for quickly producing the fixed version.

About iSEC Partners:
--------------------
iSEC Partners is a full-service security consulting firm that provides
penetration testing, secure systems development, security education
and software design verification.

More information on exploiting media players and codecs and tools to do
the same will be presented at BlackHat USA 2007.

115 Sansome Street, Suite 1005
San Francisco, CA 94104
Phone: (415) 217-0052

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ