lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: khermansen at ht-technology.com (Kristian Hermansen)
Subject: Buffer Underflow in popular CD-Writing Sotware


To: bugtraq@...urityfocus.com announce@...ts.caldera.com full-disclosure@...ts.netsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

Hermansen Security Advisory

Subject: Buffer Overflow in popular CD-Writing Software
Advisory number: HERM-2003-MISC
Issue date: 2003 November 02
______________________________________________________________________________


1. Problem Description

Many popular CD-Writing software programs are vulnerable to "Buffer Underflow" based vulnerabilities.  The problem lies in the fact that the program may be trying to write faster to the disc than the PC can handle, thus the storage buffer is depleted and a "Buffer Underflow" occurs.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
ALL POPULAR WRITING SOFTWARE

3. Solution

The proper solution is to get a newer burner which has "protection" against this critical vulnerability and use software which supports it.

8. Disclaimer

Hermansen is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Hermansen
products.


9. Acknowledgments

Hermansen would like to thank all dumb humans for the advisory.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs
q7S5CxTJrBp2c0KqG+NM+Zw=
=4pz6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031102/9be210bd/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ