SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Multimedia)  >   Song Requester Vendors:   Oddsock.org
Oddsock Song Requester Playlist Generator for Winamp Has Buffer Overflows Let Remote Users Crash the Winamp Media Server
SecurityTracker Alert ID:  1004787
SecurityTracker URL:  http://securitytracker.com/id/1004787
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 17 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 2.1
Description:   Buffer overflow vulnerabilities were reported in the Oddsock Song Requester Winamp plugin. A remote user can cause the Winamp media server to crash.

Outpost24 Security reported several buffer overflow vulnerabilities that allow a remote user to cause denial of service conditions. A remote user can cause the Winamp media service to crash, requiring a restart to return to normal operations.

The vulnerability reportedly exists in the parsing of long names or character strings. Successful exploitation may cause Winamp to shut down. Two demonstration exploit URLs are provided:

http://<musicserver>/request.cgi?listpos=9999999999999999999999999999
(9x256)

http://<musicserver>/request.cgi?psearch=999999999999999999999999999999
(9x254)

Both URLs will cause Winamp to crash, but the second will cause Winamp to crash without generating any error messages.

According to the report, all the Song Requester CGI files are vulnerable, including the 'admin.cgi' script.

The vendor has reportedly been notified.

See the original Outpost24 advisory at:

http://www.outpost24.com/ops/news/260&XVCLANGUAGEID=

Impact:   A remote user can cause the Winamp server to crash, requiring a manual restart to return to normal operations.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.oddsock.org/tools/gen_songrequester/ (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents

Subject:  Outpost24 Advisory: Oddsock PlaylistGenerator Multiple




Outpost24 Advisory
                                                      
         www.outpost24.com


Advisory Name: Oddsock PlaylistGenerator Multiple
BufferOverlow vulnerability
Release date: 15/07-02
Software : Song Requester Version : 2.1
Platform: Windows NT/XP/95/98/2000
Severity: DoS Vulnerability, that terminates Winamp,
and restart

Author: Lucas Lundgren (ll@outpost24.com)
Reference: http://www.outpost24.com/news/
Vedor Status:  No response


Summary:

Oddsock Playlist generator is used by Radio DJs to
allow listeners to choose a song to play from the
Winamp Playlist.Song Requester Version
2.1 contains multiple buffer overflows, which will
result in a DoS attack against the Winamp/Shoutcast
service. The DJ will have to restart Winamp in order to
make it work again. 

There are two major kinds of DoS attacks against this
software: the first will display an error message, and
inform the user that a logfile has been created.  The
second  attack closes down Winamp and restores the
playlist from the previous state, so that any newly
added songs will not be displayed in the playlist.It
also restores the admin password to what
is was previously, if it has been changed without
restarting Winamp.

Technical Details:

By parsing long names or characters to the CGI files in
the Song Requester, a DoS is avalible, closing down
Winamp and / or leaving  a error log.  You could try to
parse

http://<musicserver>/request.cgi?listpos=9999999999999999999999999999
(9x256)

This will cause Winamp to crash, and makes Dr Watson
dump a logfile.

But if you parse: 
 http://<musicserver>/request.cgi?psearch=999999999999999999999999999999
(9x254) 

Winamp will die without any error messages.

Oddsock overflows the playlist and crashes the Winamp
player. If you want to check it out, please look at Dr
Watson  logs for more details. All the CGI files in
Song Requester are vulnerable to DoS attacks, even
the 'admin.cgi'. Please note that the password you type
in is in clear text; no asterix signs replace the
characters.

Outpost24
Contact: Lucas Lundgren (ll@outpost24.com)

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC