[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1539342107.20070801004907@SECURITY.NNOV.RU>
Date: Wed, 1 Aug 2007 00:49:07 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: bugtraq@...ph3us.org
Cc: bugtraq@...urityfocus.com
Subject: Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability
Dear bugtraq@...ph3us.org,
Can you, please explain why is this security bug? DoS is not software
crash, DoS is Denial of Service. It means, security impact of DoS
vulnerability should be preventing (blocking) access of legitimate user
to some data or service (via data corruption, service malfuction, etc).
In this case, user can be much easily abused in any media player by
sending MP3 file with some very loud sound of finger by the wet glass
or George Bush singing in the bathroom.
--Tuesday, July 31, 2007, 1:38:41 PM, you wrote to bugtraq@...urityfocus.com:
bmo> -----BEGIN PGP SIGNED MESSAGE-----
bmo> Hash: RIPEMD160
bmo> ---------------------------------------------------
bmo> | BuHa Security-Advisory #15 | Jul 30th, 2007 |
bmo> ---------------------------------------------------
bmo> | Vendor | Nullsoft's Winamp (Lite) |
bmo> | URL | http://www.winamp.com/ |
bmo> | Version | <= 5.35 |
bmo> | Risk | Low (Denial Of Service) |
bmo> ---------------------------------------------------
bmo> o Description:
bmo> =============
bmo> Winamp is a proprietary media player for Windows systems. Visit
bmo> http://www.winamp.com/ for detailed information.
bmo> o Denial Of Service:
bmo> ===================
bmo> The M3U file format allows it to include local and remote files by
bmo> simply specifing the path to the desired file. Furthermore Winamp does
bmo> not check if the M3U file to include is the currently processed M3U
bmo> file wherefore it's possible to force Winamp to recursively read a
bmo> certain M3U file. Winamp allocates memory by each iteration which
bmo> leads to a stack overflow exception (0xc00000fd).
bmo> You are able to simply test this bug yourself by creating a file named
bmo> 'a.m3u' with the content 'a.m3u'. If you are using the standard version
bmo> of Winamp (not the Lite version) you just have to add the M3U file to
bmo> Winamp by for example simply dragging the file into the playlist.
bmo> The lite version catches the exception and exits if you add the
bmo> malformed M3U file to the playlist. If you use the "Enqueue in Winamp"
bmo> option (if configured you'll find it in the context menu) Winamp Lite
bmo> does not catch the exception and crashes too.
--
~/ZARAZA http://securityvulns.com/
Powered by blists - more mailing lists