Posts

Showing posts from February 2009

libsndfile AIFF buffer unverified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

libsndfile AIFF buffer unverified

A security issue affects the following library/software releases

libsndfile <= 1.0.17
xmms-sndfile <= 1.2_4
winamp <= 5.541
And possibly more

- -BACKGROUND

Libsndfile is a C library for reading and writing files containing sampled sound (such as MS Windows WAV and the Apple/SGI AIFF format) through one standard library interface.

- -DESCRIPTION

Testing and debugging winamp, I have verified that the bug is specific to the library libsndfile. I saw that some of the functions of reading gives AIFF file headers, this does not check the limits of (CommonChunk.ckSize). There may be other functions with the same problem. One of the errors occurs when unverified memset is called the limit of memory.

Quote segment code at src/aiff.c: 847
============================================================
else if (comm_fmt->size >= SIZEOF_AIFC_COMM)
{
    //Some lines omitted
    memset (psf-> u.sc

Another User-Agent to use.

As you will recall from an earlier post, "Which User-Agent to use? So as not to stand out in the logs", we saw there that one of the most common user agents is IE 6 on Windows 5.1 (generally Windows XP), with the following User-Agent:

Mozilla/4.0 (compatible; U; MSIE 6.0; Windows NT 5.1)

This is possibly because many people use pirated copies of Windows and cannot update to IE 7, but that was another topic. With Firefox the most common one is:

Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

However, this would change quickly with Firefox's automatic updates: it would change to 3.0.6 and perhaps the Gecko version as well.

Regards.