Message-ID: <00a401c3a19e$c661f8c0$7802a8c0@winxpnetsniper>
From: khermansen at ht-technology.com (Kristian Hermansen)
Subject: Buffer Underflow in popular CD-Writing Software


To: bugtraq@...urityfocus.com announce@...ts.caldera.com full-disclosure@...ts.netsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

Hermansen Security Advisory

Subject: Buffer Overflow in popular CD-Writing Software
Advisory number: HERM-2003-MISC
Issue date: 2003 November 02
______________________________________________________________________________


1. Problem Description

Many popular CD-Writing software programs are vulnerable to "Buffer Underflow" based vulnerabilities.  The problem lies in the fact that the program may be trying to write faster to the disc than the PC can handle, thus the storage buffer is depleted and a "Buffer Underflow" occurs.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
ALL POPULAR WRITING SOFTWARE

3. Solution

The proper solution is to get a newer burner which has "protection" against this critical vulnerability and use software which supports it.

8. Disclaimer

Hermansen is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Hermansen
products.


9. Acknowledgments

Hermansen would like to thank all dumb humans for the advisory.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs
q7S5CxTJrBp2c0KqG+NM+Zw=
=4pz6
-----END PGP SIGNATURE-----
