lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <dq5qe7$dq2$1@sea.gmane.org>
Date: Thu Jan 12 14:53:31 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: [EEYEB-20051117B] Apple iTunes
	(QuickTime.qts)Heap Overflow

Mark Senior wrote in 
news:70f230c70601111530u1f0f688bt520efc44c94ef358@...l.gmail.com
> This must be an unintentional repost, surely?
>
>> From the description of CAN-2004-0431:
>
> Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1
> allows attackers to execute arbitrary code

  That's a totally different issue, the bug described in the original post 
isn't an integer overflow.  I would imagine the author of that post used one 
of eEye's earlier QT bug reports as a template and just forgot to update the 
CAN number.  If you check their website

http://www.eeye.com/html/research/advisories/AD20060111b.html

you'll see they've corrected both the AD number and the CAN number.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ