| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Aug 2007 21:09:34 +0400 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: edi.strosar@...nostne-novice.com Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: [AOGBF] Re: BS.Player 2.22 NULL ptr dereference Dear edi.strosar@...nostne-novice.com, <irony> Seems to be Another One George Bush Fan. You know, there is vulnerability in all media players, it can be exploited by opening MP3 file with George Bush bathroom singing. George Bush fans are not vulnerable, yet they are still vulnerable to one you described. </irony> Quote: Can you, please explain why is this security bug? DoS is not software crash, DoS is Denial of Service. It means, security impact of DoS vulnerability should be preventing (blocking) access of legitimate user to some data or service (via data corruption, service malfuction, etc). --Friday, August 3, 2007, 4:40:41 AM, you wrote to full-disclosure@...ts.grok.org.uk: esvnc> ========================================================================= esvnc> Team Intell Security Advisory TISA2007-10-Private esvnc> ------------------------------------------------------------------------- esvnc> BS.Player 2.22 NULL pointer dereference esvnc> ========================================================================= -- ~/ZARAZA http://securityvulns.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists