Mini-stream Software Mini-stream Ripper '.smi' File Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	39828
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 28 2010 12:00AM
Updated:	May 17 2010 09:12PM
Credit:	Hazem Mofeed
Vulnerable:	Mini-stream Software Mini-streamRipper 3.0.1 .1 Mini-stream Software Mini-streamRipper 0 Mini-stream Software Mini-stream Ripper 3.1 8 Mini-stream Software Mini-stream Ripper 3.0.1 .8
Not Vulnerable:

Mini-stream Software Mini-stream Ripper '.smi' File Remote Stack Buffer Overflow Vulnerability

Mini-stream Software Mini-stream Ripper is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Successfully exploiting this issue can allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Mini-stream Ripper 3.1.0.8 and prior are vulnerable.

Mini-stream Software Mini-stream Ripper '.smi' File Remote Stack Buffer Overflow Vulnerability

The following exploit code and proof of concept are available:

• /data/vulnerabilities/exploits/39828.py
• /data/vulnerabilities/exploits/39828-2.py

Mini-stream Software Mini-stream Ripper '.smi' File Remote Stack Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Mini-stream Software Mini-stream Ripper '.smi' File Remote Stack Buffer Overflow Vulnerability

References:

• Mini-stream Ripper - Homepage (Mini-stream Software)
  
• Vendor Homepage (Mini-stream Software)