Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: BS.Player 2.22 NULL ptr dereference

Re: BS.Player 2.22 NULL ptr dereference

From: <edi.strosar_at_varnostne-novice.com>
Date: Fri, 03 Aug 2007 15:43:06 -0400

Dear 3APA3A,

I didn't mentioned any DoS in my advisory. I clearly
stated that it is a "bug" that will cause an
exception/crash. It is a kind of Null/invalid ptr deref.
The same kind as this is:

http://www.securityfocus.com/archive/1/434280

and not much different than this:

http://www.securityfocus.com/archive/1/461373

Nothing more. The main difference is that it was
"implemented" by the vendor.

http://www.bsplayer.org/en/bs.player/news/new/?article=21&BSPLAYER=76f1ff40d5a7f9f2f44a66edc209ac2a

Thanks for your interest anyway.

Sincerelly,
Edi Strosar (Team Intell)

3APA3A wrote:
>
> Can you, please explain why is this security bug? DoS is not software
> crash, DoS is Denial of Service. It means, security impact of DoS
> vulnerability should be preventing (blocking) access of legitimate user
> to some data or service (via data corruption, service malfuction, etc).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Aug 03 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]