lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004501c3a1d2$32733140$329f8018@youru10ixi0anw>
From: trihuynh at zeeup.com (Tri Huynh)
Subject: Buffer Underflow in popular CD-Writing Sotware

LOL. I can't stop laughing... :-)
  ----- Original Message ----- 
  From: Kristian Hermansen 
  To: Full Disclosure 
  Sent: Sunday, November 02, 2003 4:09 PM
  Subject: [Full-Disclosure] Buffer Underflow in popular CD-Writing Sotware



  To: bugtraq@...urityfocus.com announce@...ts.caldera.com full-disclosure@...ts.netsys.com

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  ______________________________________________________________________________

  Hermansen Security Advisory

  Subject: Buffer Overflow in popular CD-Writing Software
  Advisory number: HERM-2003-MISC
  Issue date: 2003 November 02
  ______________________________________________________________________________


  1. Problem Description

  Many popular CD-Writing software programs are vulnerable to "Buffer Underflow" based vulnerabilities.  The problem lies in the fact that the program may be trying to write faster to the disc than the PC can handle, thus the storage buffer is depleted and a "Buffer Underflow" occurs.


  2. Vulnerable Supported Versions

  System Binaries
  ----------------------------------------------------------------------
  ALL POPULAR WRITING SOFTWARE

  3. Solution

  The proper solution is to get a newer burner which has "protection" against this critical vulnerability and use software which supports it.

  8. Disclaimer

  Hermansen is not responsible for the misuse of any of the information
  we provide on this website and/or through our security
  advisories. Our advisories are a service to our customers
  intended to promote secure installation and use of Hermansen
  products.


  9. Acknowledgments

  Hermansen would like to thank all dumb humans for the advisory.

  ______________________________________________________________________________

  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

  iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs
  q7S5CxTJrBp2c0KqG+NM+Zw=
  =4pz6
  -----END PGP SIGNATURE-----

  _______________________________________________
  Full-Disclosure - We believe in it.
  Charter: http://lists.netsys.com/full-disclosure-charter.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031102/fbb1ed85/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ