RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]

From: alex cottle (eddie5659_at_hotmail.com)
Date: 11/26/04

    To: brett.moore@security-assessment.com, bugtraq@securityfocus.com
    Date: Fri, 26 Nov 2004 10:49:40 +0000
    
    

    Dear Brett

    I've noticed that you say this is for version 5.05. Just looked at Winamp's
    site, and they have a 5.06 version out. Is this one vulnerable as well?

    Kind Regards

    Alex Cottle

    >From: "Brett Moore" <brett.moore@security-assessment.com>
    >Reply-To: <brett.moore@security-assessment.com>
    >To: "Bugtraq@Securityfocus. Com" <bugtraq@securityfocus.com>
    >Subject: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
    >Date: Wed, 24 Nov 2004 16:05:46 +1300
    >
    >========================================================================
    >= Winamp - Buffer Overflow In IN_CDDA.dll
    >=
    >= Affected Software:
    >= Winamp 5.05, 5.06
    >=
    >= Public disclosure on November 24, 2004
    >========================================================================
    >
    >== Overview ==
    >
    >Hate to be the bearer of bad news.
    >
    >It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
    >issue that we notified Nullsoft about. This is obviously not good.
    >
    >As we wrote in our advisory we were notified by email that the issue had
    >been fixed and an update posted to the website.
    >
    >We have sent Nullsoft a copy of this email, and hope that they can remedy
    >this problem quickly. Unfortunately, this may not be the case as was
    >pointed out to me by somebody.
    >
    >== Solutions ==
    >
    >- Disassociate .cda and .m3u extensions from winamp
    >- Wait for an update
    >
    >Brett Moore
    >Network Intrusion Specialist, CTO
    >Security-Assessment.com

