SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Multimedia)  >  Zinf Vendors:  zinf.org
Zinf Playlist Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012122
SecurityTracker URL:  http://securitytracker.com/id?1012122
CVE Reference:  CAN-2004-0964   (Links to External Site)
Date:  Nov 8 2004
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 2.2.1; possibly other versions
Description:  A buffer overflow vulnerability was reported in Zinf. A remote user can execute arbitrary code on the target system.

Luigi Auriemma reported that a remote user can create a specially crafted '.pls' playlist file that, when loaded by the target user, will trigger the buffer overflow and potentially execute arbitrary code.

A demonstration exploit is available at:

http://aluigi.altervista.org/poc/zinf-bof.pls
Impact:  A remote user can cause arbitrary code to be executed on the target system with the privileges of the target user.
Solution:  The vendor has issued a fixed version for Linux/UNIX, available at:

http://www.zinf.org/download.php

[Editor's note: Version 2.2.5 reportedly contains the fix. It is unclear if any earlier versions also contain the fix.]

The latest Windows version (2.2.1) is still vulnerable.
Vendor URL:  www.zinf.org/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  Luigi Auriemma <aluigi@autistici.org>
Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 8 2004 (Debian Issues Fix) Zinf Playlist Buffer Overflow Lets Remote Users Execute Arbitrary Code   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.


 Source Message Contents
Date:  Fri, 24 Sep 2004 21:31:02 +0000
From:  Luigi Auriemma <aluigi@autistici.org>
Subject:  Buffer overflow in Zinf 2.2.1 for Win32

 


I don't know why this bug has not been tracked but moreover I don't
completely know why it has not been fixed yet in the Windows version of
Zinf.

In short, Zinf is an audio player for Linux and Windows: http://www.zinf.org
The latest Linux version is 2.2.5 while the latest Windows version is 2.2.1
which is still vulnerable to a buffer-overflow bug in the management of the
playlist files ".pls".

This bug has been found and fixed by the same developers in the recent
versions for Linux but, as already said, the vulnerable Windows version is
still downloadable and can be exploited locally and remotely through the web
browser and a malicious pls file.

A simple proof-of-concept to test the bug is available here:

  http://aluigi.altervista.org/poc/zinf-bof.pls

That's all, just to keep track of this bug and to warn who uses the Windows
version.


BYEZ



--- 
Luigi Auriemma
http://aluigi.altervista.org


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC