Message-ID: <9E97F0997FB84D42B221B9FB203EFA273F3AE7@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: Winamp vulnerability : technical study and Exploit released

Nope, that is what this is for... "Only a few employees remain to prop
up the once-ubiquitous digital audio player with minor updates, but no
further improvements to Winamp are expected."

Therefore no big changes but they can fix small things. They tried with
5.0.6 but they will have to try again. 


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Rich Eicher
> Sent: Wednesday, November 24, 2004 11:05 AM
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Winamp vulnerability : 
> technical study and Exploit released
> 
> This may have something to do with why there is no patch out 
> from Nullsoft.
> 
> http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsoft_Winamp/1100111204
> 
> 
> On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de 
> <elvi52001@...oo.com> wrote:
> > 
> >  
> > exploit and technical study of the Winamp flaw posted by k-otik  
> > http://www.k-otik.com/exploits/20041124.winampm3u.c.php
> >   
> > "..the cdda library only reserves 20 bytes for names when files are 
> > .cda, so the stack will be overwritten and exception occurs when a 
> > name looks like aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cda"
> >   
> > but still NO patch from Winamp !!!
> > 
> 

