Message-ID: <005301c4d212$3bbd4300$0100a8c0@grotedoos>
From: skylined at edup.tudelft.nl (Berend-Jan Wever)
Subject: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]

Version 2.91 is not vulnerable, does not include crappy CPU-consuming useless features, and plays MP3s like any other version.

Cheers,
SkyLined

----- Original Message ----- 
From: "Brett Moore" <brett.moore@...urity-assessment.com>
To: "Full-Disclosure@...ts. Netsys. Com" <full-disclosure@...ts.netsys.com>
Sent: Wednesday, November 24, 2004 04:05
Subject: [Full-Disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]


> ========================================================================
> = Winamp - Buffer Overflow In IN_CDDA.dll
> =
> = Affected Software:
> =       Winamp 5.05, 5.06
> =
> = Public disclosure on November 24, 2004
> ========================================================================
> 
> == Overview ==
> 
> Hate to be the bearer of bad news.
> 
> It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
> issue that we notified Nullsoft about. This is obviously not good. 
> 
> As we wrote in our advisory we were notified by email that the issue had
> been fixed and an update posted to the website. 
> 
> We have sent Nullsoft a copy of this email, and hope that they can remedy
> this problem quickly. Unfortunately, this may not be the case as was
> pointed out to me by somebody.
> 
> == Solutions ==
> 
> - Disassociate .cda and .m3u extensions from Winamp
> - Wait for an update
> 
> Brett Moore
> Network Intrusion Specialist, CTO
> Security-Assessment.com  


