
Re: [Full-Disclosure] Buffer Underflow in popular CD-Writing Software



LOL. I can't stop laughing... :-)
  ----- Original Message ----- 
  From: Kristian Hermansen 
  To: Full Disclosure 
  Sent: Sunday, November 02, 2003 4:09 PM
  Subject: [Full-Disclosure] Buffer Underflow in popular CD-Writing Software



  To: bugtraq@securityfocus.com announce@lists.caldera.com full-disclosure@lists.netsys.com

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  ______________________________________________________________________________

  Hermansen Security Advisory

  Subject: Buffer Overflow in popular CD-Writing Software
  Advisory number: HERM-2003-MISC
  Issue date: 2003 November 02
  ______________________________________________________________________________


  1. Problem Description

  Many popular CD-Writing software programs are vulnerable to "Buffer
  Underflow" based vulnerabilities.  The problem lies in the fact that the
  program may be trying to write faster to the disc than the PC can handle,
  thus the storage buffer is depleted and a "Buffer Underflow" occurs.


  2. Vulnerable Supported Versions

  System Binaries
  ----------------------------------------------------------------------
  ALL POPULAR WRITING SOFTWARE

  3. Solution

  The proper solution is to get a newer burner which has "protection" against
  this critical vulnerability and use software which supports it.

  8. Disclaimer

  Hermansen is not responsible for the misuse of any of the information
  we provide on this website and/or through our security
  advisories. Our advisories are a service to our customers
  intended to promote secure installation and use of Hermansen
  products.


  9. Acknowledgments

  Hermansen would like to thank all dumb humans for the advisory.

  ______________________________________________________________________________

  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

  iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs
  q7S5CxTJrBp2c0KqG+NM+Zw=
  =4pz6
  -----END PGP SIGNATURE-----

  _______________________________________________
  Full-Disclosure - We believe in it.
  Charter: http://lists.netsys.com/full-disclosure-charter.html