Message-ID: <1ba42b871001050735i9012df6n7af798b58e1ded84@mail.gmail.com>
Date: Tue, 5 Jan 2010 20:35:28 +0500
From: rewterz security team <advisories@...terz.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: REWTERZ-20100102 - Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability

========================================================
Rewterz 05/01/2010

- Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability -

1) Affected Software

* NSP 2.0
* NSP 1.1 Beta


========================================================
2) Severity

Rating: High
Impact: Denial of Service
Where: Local


========================================================
3) Vendor's Description of Software

"The Nemesis Player (NSP) is much more than any other media player.
It allows you to watch your video files collection like any player
but also enables you to emulate a "DVD menu" for your videos.

Nsp can be broken down into 3 parts: Scene Editing, Project Settings
and the player itself."

Product Link:
http://www.nsplayer.org


========================================================
4) Description of Vulnerability

Rewterz has discovered a vulnerability in Nemesis Player (NSP). This
vulnerability could lead to a Denial of Service with the privileges of
the current process or user and cause the system to stop responding.

This vulnerability exists in the handling of Nsp project files. We chose
not to provide detailed information about the location of the
vulnerability and how to reproduce it because the author hasn't
confirmed this vulnerability. We can pass a long argument into the Nsp
project file. The length of these inputs is not checked.
Depending on the input, this will cause a DoS condition.

We have confirmed the ability to execute our own code.


========================================================
5) Credits

Discovered by Rehan Ahmed, Rewterz.


========================================================
6) About Rewterz

Rewterz is a boutique Information Security company, committed to
consistently providing world class professional security services.
Our strategy revolves around the need to provide round-the-clock
quality information security services and solutions to our customers.
We maintain this standard through our highly skilled and professional
team, and custom-designed, customer-centric services and products.

http://www.rewterz.com


Complete list of vulnerability advisories published by Rewterz:

http://rewterz.com/securityadvisories.php


========================================================
