lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1539342107.20070801004907@SECURITY.NNOV.RU>
Date: Wed, 1 Aug 2007 00:49:07 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: bugtraq@...ph3us.org
Cc: bugtraq@...urityfocus.com
Subject: Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability

Dear bugtraq@...ph3us.org,

 Can  you,  please explain why is this security bug? DoS is not software
 crash,  DoS  is  Denial  of  Service.  It means, security impact of DoS
 vulnerability should be preventing (blocking) access of legitimate user
 to some data or service (via data corruption, service malfuction, etc).

 In  this  case,  user  can be much easily abused in any media player by
 sending  MP3  file with some very loud sound of finger by the wet glass
 or George Bush singing in the bathroom.

--Tuesday, July 31, 2007, 1:38:41 PM, you wrote to bugtraq@...urityfocus.com:

bmo> -----BEGIN PGP SIGNED MESSAGE-----
bmo> Hash: RIPEMD160

bmo>  ---------------------------------------------------
bmo> | BuHa Security-Advisory #15    |    Jul 30th, 2007 |
bmo>  ---------------------------------------------------
bmo> | Vendor   | Nullsoft's Winamp (Lite)               |
bmo> | URL      | http://www.winamp.com/                 |
bmo> | Version  | <= 5.35                                |
bmo> | Risk     | Low (Denial Of Service)                |
bmo>  ---------------------------------------------------

bmo> o Description:
bmo> =============

bmo> Winamp is a proprietary media player for Windows systems. Visit
bmo> http://www.winamp.com/ for detailed information.

bmo> o Denial Of Service:
bmo> ===================

bmo> The M3U file format allows it to include local and remote files by
bmo> simply specifing the path to the desired file. Furthermore Winamp does
bmo> not check if the M3U file to include is the currently processed M3U
bmo> file wherefore it's possible to force Winamp to recursively read a
bmo> certain M3U file. Winamp allocates memory by each iteration which
bmo> leads to a stack overflow exception (0xc00000fd).

bmo> You are able to simply test this bug yourself by creating a file named
bmo> 'a.m3u' with the content 'a.m3u'. If you are using the standard version
bmo> of Winamp (not the Lite version) you just have to add the M3U file to
bmo> Winamp by for example simply dragging the file into the playlist.

bmo> The lite version catches the exception and exits if you add the
bmo> malformed M3U file to the playlist. If you use the "Enqueue in Winamp"
bmo> option (if configured you'll find it in the context menu) Winamp Lite
bmo> does not catch the exception and crashes too.




-- 
~/ZARAZA http://securityvulns.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ