[NT] Oddsock Playlist Generator Multiple BufferOverlow vulnerability
From: support@securiteam.comDate: 07/22/02
- Previous message: support@securiteam.com: "[UNIX] Linux Kernel Setgid Implementation Flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Mon, 22 Jul 2002 22:40:42 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Oddsock Playlist Generator Multiple BufferOverlow vulnerability
------------------------------------------------------------------------
SUMMARY
Oddsock Playlist generator is used by Radio DJs to allow listeners to
choose a song to play from the Winamp Playlist. Song Requester version 2.1
contains multiple buffer overflows, which will result in a DoS attack
against the Winamp/Shoutcast service. The DJ will have to restart Winamp
in order to make it work again.
There are two major kinds of DoS attacks against this software: the first
will displays an error message, and informs the user that a log file has
been created. The second attack closes down Winamp and restores the
playlist from the previous state, so that any newly added songs will not
be displayed in the playlist. It also restores the administrator password
to what it was before it was changed (without restarting Winamp).
DETAILS
Vulnerable systems:
* Song Requester version 2.1
Technical details:
By parsing long names or characters to the CGI files in the Song
Requester, a DoS is available, closing down Winamp and / or leaving an
error log. You could try to parse
http:// This will cause Winamp to crash, and makes Dr Watson dump a log file.
However, if you parse:
Winamp will die without any error messages.
Oddsock overflows the playlist and crashes the Winamp player. If you want
ADDITIONAL INFORMATION
The information has been provided by <mailto:ll@outpost24.com> Lucas
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
DISCLAIMER:
http://
to check it out, please look at Dr Watson logs for more details. All the
CGI files in Song Requester are vulnerable to DoS attacks, even the
'admin.cgi'. Please note that the password you type in is in clear text;
no asterisks signs replace the characters.
Lundgren.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
