Entradas

Mostrando entradas de febrero, 2009

libsndfile AIFF buffer unverified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

libsndfile AIFF buffer unverified

A security issue affects the following library/software releases

libsndfile <= 1.0.17
xmms-sndfile <= 1.2_4
winamp <= 5.541

And possibly more

- -BACKGROUND

Libsndfile is a C library for reading and writing files containing sampled
sound (such as MS Windows WAV and the Apple/SGI AIFF format) through one
standard library interface.

- -DESCRIPTION

Testing and debugging winamp, I have verified that the bug is specific to
the library libsndfile. I saw that some of the functions of reading gives
AIFF file headers, this does not check the limits of (CommonChunk.ckSize).
There may be other functions with the same problem. One of the errors
occur when unverified memset is called the limit of memory.

Quote segment code at src/aiff.c: 847
============================================================
else if (comm_fmt->size >= SIZEOF_AIFC_COMM)
{
//Some lines omitted

memset (psf-> u.scbuf, 0, comm_fmt-> s…

Otro User Agent para usar.

Como recordaran en un post anterior: ¿Que User-Agent usar? Para no sobresalir en los Logs

Ahi vimos que uno de los user agent mas comunes es del IE 6 Bajo Windows 5.1 (Generalmente windows XP).

con el siguiente User-Agent: Mozilla/4.0 (compatible; U; MSIE 6.0; Windows NT 5.1)

Posiblemente sea por qu muchos usan Copias Piratas de Windows y no pueden actualizarse a IE 7 pero bueno eso fue otro tema.

Usando Firefox el mas comun es: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

Sin embargo esto cambiaria rapidamente con las actualizacaciones automaticas de FIrefox, cambiaria a la 3.0.6 y tal vez la version de Gecko.

Saludos.