Outpost24 Advisory: Oddsock PlaylistGenerator Multiple Buffer Overflow vulnerability

From: Lucas Lundgren (llat_private)
Date: Tue Jul 16 2002 - 03:31:23 PDT


    
    Outpost24 Advisory
                                                          
             www.outpost24.com
    
    
    Advisory Name: Oddsock PlaylistGenerator Multiple
    Buffer Overflow vulnerability
    Release date: 15/07-02
    Software : Song Requester Version : 2.1
    Platform: Windows NT/XP/95/98/2000
    Severity: DoS vulnerability that terminates Winamp
    and requires a restart
    
    Author: Lucas Lundgren (llat_private)
    Reference: http://www.outpost24.com/news/
    Vendor Status:  No response
    
    
    Summary:
    
    Oddsock Playlist generator is used by Radio DJs to
    allow listeners to choose a song to play from the
    Winamp playlist. Song Requester version 2.1 contains
    multiple buffer overflows, which will result in a DoS
    attack against the Winamp/Shoutcast service. The DJ
    will have to restart Winamp in order to make it work
    again.
    
    There are two major kinds of DoS attacks against this
    software: the first will display an error message and
    inform the user that a logfile has been created. The
    second attack closes down Winamp and restores the
    playlist from the previous state, so that any newly
    added songs will not be displayed in the playlist. It
    also restores the admin password to what it was
    previously, if it has been changed without restarting
    Winamp.
    
    Technical Details:
    
    By passing long names or characters to the CGI files in
    the Song Requester, a DoS is available, closing down
    Winamp and/or leaving an error log. For example, a
    request for

    http://>/request.cgi?listpos=9999999999999999999999999999
    (the digit 9 repeated 256 times)
    
    This will cause Winamp to crash, and makes Dr Watson
    dump a logfile.
    
    But after a request for:
     http://>/request.cgi?psearch=999999999999999999999999999999
    (the digit 9 repeated 254 times)
    
    Winamp will die without any error messages.
    
    Oddsock overflows the playlist and crashes the Winamp
    player. If you want to check it out, please look at the
    Dr Watson logs for more details. All the CGI files in
    Song Requester are vulnerable to DoS attacks, even
    'admin.cgi'. Please note that the password you type
    in is shown in clear text; no asterisks replace the
    characters.
    
    Outpost24
    Contact: Lucas Lundgren (llat_private)
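
With the vendor status at "No response", one way to spot these requests is to scan the web server's access log for over-long CGI parameter values. The following is an added example, not part of the original advisory or of the Oddsock code; the Common Log Format input, the 128-character threshold, the function names and the sample log lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: no legitimate Song Requester field needs a value this long.
# The advisory reports crashes at 254 (psearch) and 256 (listpos) characters.
MAX_VALUE_LEN = 128
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def oversized_params(log_line, limit=MAX_VALUE_LEN):
    """Return [(script, param, decoded_length)] for over-long CGI values."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # The advisory says every CGI file is affected, so check any *.cgi path.
    if not url.path.lower().endswith(".cgi"):
        return []
    hits = []
    # parse_qsl percent-decodes, so the length checked is what the CGI sees.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if len(value) > limit:
            hits.append((url.path, name, len(value)))
    return hits

def scan(lines, limit=MAX_VALUE_LEN):
    """Map client address -> list of hits, over all flagged log lines."""
    report = {}
    for line in lines:
        hits = oversized_params(line, limit)
        if hits:
            client = line.split(" ", 1)[0]
            report.setdefault(client, []).extend(hits)
    return report

# Constructed sample lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2002:10:00:01 +0000] "GET /request.cgi?listpos=12 HTTP/1.0" 200 512',
    '198.51.100.7 - - [16/Jul/2002:10:00:05 +0000] "GET /request.cgi?listpos=%s HTTP/1.0" 200 0' % ("9" * 256),
    '203.0.113.5 - - [16/Jul/2002:10:00:09 +0000] "GET /request.cgi?psearch=%s HTTP/1.0" 200 0' % ("%39" * 254),
    '192.0.2.10 - - [16/Jul/2002:10:00:12 +0000] "GET /index.html?q=%s HTTP/1.0" 200 900' % ("a" * 300),
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        for script, param, length in hits:
            print(f"{client}: {script} {param} length={length}")
```

The same length limit can be enforced in a reverse proxy or filter in front of the CGI files, so that over-long values are rejected before they reach Song Requester.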
    



    This archive was generated by hypermail 2b30 : Tue Jul 16 2002 - 11:26:52 PDT