| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 03 Aug 2007 15:43:06 -0400 From: <edi.strosar@...nostne-novice.com> To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk> Subject: Re: BS.Player 2.22 NULL ptr dereference Dear 3APA3A, I didn't mentioned any DoS in my advisory. I clearly stated that it is a "bug" that will cause an exception/crash. It is a kind of Null/invalid ptr deref. The same kind as this is: http://www.securityfocus.com/archive/1/434280 and not much different than this: http://www.securityfocus.com/archive/1/461373 Nothing more. The main difference is that it was "implemented" by the vendor. http://www.bsplayer.org/en/bs.player/news/new/?article=21&BSPLAYER=76f1ff40d5a7f9f2f44a66edc209ac2a Thanks for your interest anyway. Sincerelly, Edi Strosar (Team Intell) 3APA3A wrote: > > Can you, please explain why is this security bug? DoS is not software > crash, DoS is Denial of Service. It means, security impact of DoS > vulnerability should be preventing (blocking) access of legitimate user > to some data or service (via data corruption, service malfuction, etc). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists