CDP Console CD Player PrintTOC Function Buffer Overflow Vulnerability
BID:10021
Info
CDP Console CD Player PrintTOC Function Buffer Overflow Vulnerability
| Bugtraq ID: | 10021 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2004 12:00AM |
| Updated: | Mar 31 2004 12:00AM |
| Credit: | Discovery is credited to Shaun Colley <shaunige yahoo co uk>. |
| Vulnerable: |
cdp cdp 0.33 cdp cdp 0.4 |
| Not Vulnerable: | |
Discussion
CDP Console CD Player PrintTOC Function Buffer Overflow Vulnerability
It has been reported that cdp may be prone to a buffer overflow vulnerability that may allow an attacker to cause a denial of service condition in the software. The issue exists due to insufficient boundary checks performed by the printTOC() function. The buffer overflow condition may occur if when a song with a track name exceeding 200 bytes is accessed via the application.
If an attacker is able to overwrite sensitive memory locations, it may be possible to execute arbitrary instructions in the context of the user running cdp.
All versions of cdp are assumed to be vulnerable to this issue.
It has been reported that cdp may be prone to a buffer overflow vulnerability that may allow an attacker to cause a denial of service condition in the software. The issue exists due to insufficient boundary checks performed by the printTOC() function. The buffer overflow condition may occur if when a song with a track name exceeding 200 bytes is accessed via the application.
If an attacker is able to overwrite sensitive memory locations, it may be possible to execute arbitrary instructions in the context of the user running cdp.
All versions of cdp are assumed to be vulnerable to this issue.
Exploit / POC
CDP Console CD Player PrintTOC Function Buffer Overflow Vulnerability
Exploit code has been supplied by priestmaster <[email protected]>.
Exploit code has been supplied by priestmaster <[email protected]>.
Solution / Fix
CDP Console CD Player PrintTOC Function Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
CDP Console CD Player PrintTOC Function Buffer Overflow Vulnerability
References:
References:
- cdp Homepage (cdp)
- cdp buffer overflow vulnerability (=?iso-8859-1?q?Shaun=20Colley?=
) - Re: cdp buffer overflow vulnerability - updated details (=?iso-8859-1?q?Shaun=20Colley?=
)