Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulner

from [3APA3A] Network Security [Permanent Link]
Subject: Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability
Date: Wed, 1 Aug 2007 00:49:07 +0400 
Dear bugtraq@morph3us.org,

 Can  you,  please explain why is this security bug? DoS is not software
 crash,  DoS  is  Denial  of  Service.  It means, security impact of DoS
 vulnerability should be preventing (blocking) access of legitimate user
 to some data or service (via data corruption, service malfuction, etc).

 In  this  case,  user  can be much easily abused in any media player by
 sending  MP3  file with some very loud sound of finger by the wet glass
 or George Bush singing in the bathroom.

--Tuesday, July 31, 2007, 1:38:41 PM, you wrote to bugtraq@securityfocus.com:

bmo> -----BEGIN PGP SIGNED MESSAGE-----
bmo> Hash: RIPEMD160

bmo>  ---------------------------------------------------
bmo> | BuHa Security-Advisory #15    |    Jul 30th, 2007 |
bmo>  ---------------------------------------------------
bmo> | Vendor   | Nullsoft's Winamp (Lite)               |
bmo> | URL      | http://www.winamp.com/                 |
bmo> | Version  | <= 5.35                                |
bmo> | Risk     | Low (Denial Of Service)                |
bmo>  ---------------------------------------------------

bmo> o Description:
bmo> =============

bmo> Winamp is a proprietary media player for Windows systems. Visit
bmo> http://www.winamp.com/ for detailed information.

bmo> o Denial Of Service:
bmo> ===================

bmo> The M3U file format allows it to include local and remote files by
bmo> simply specifing the path to the desired file. Furthermore Winamp does
bmo> not check if the M3U file to include is the currently processed M3U
bmo> file wherefore it's possible to force Winamp to recursively read a
bmo> certain M3U file. Winamp allocates memory by each iteration which
bmo> leads to a stack overflow exception (0xc00000fd).

bmo> You are able to simply test this bug yourself by creating a file named
bmo> 'a.m3u' with the content 'a.m3u'. If you are using the standard version
bmo> of Winamp (not the Lite version) you just have to add the M3U file to
bmo> Winamp by for example simply dragging the file into the playlist.

bmo> The lite version catches the exception and exits if you add the
bmo> malformed M3U file to the playlist. If you use the "Enqueue in Winamp"
bmo> option (if configured you'll find it in the context menu) Winamp Lite
bmo> does not catch the exception and crashes too.




-- 
~/ZARAZA http://securityvulns.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability, bugtraq
Next by Date:  Really, really, penultimate, PacSec CFP deadline, Aug 10., Dragos Ruiu
Previous by Thread:  [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability, bugtraq
Next by Thread:  Really, really, penultimate, PacSec CFP deadline, Aug 10., Dragos Ruiu
Indexes:  [Date] [Thread] [Top] [All Lists]