Bugtraq mailing list archives
XMCD v2.1 released (was: Security Problems in XMCD)
From: xmcd () bazooka amb org (Xmcd Admin)
Date: Mon, 25 Nov 1996 23:08:30 -0800
This is to announce that XMCD 2.1 patchlevel 0 has been released which fixes all of the issues previously raised by David Meltzer. It also contains a number of other minor feature and functionality enhancements. The new version may be obtained via the xmcd web page at: http://sunsite.unc.edu/~cddb/xmcd/ Users of xmcd with older versions are encouraged to upgrade. -Ti -- \\ // XMCD - Motif CD player / CDA - Command line CD player \\/ Ti Kan / AMB Research Laboratories //\ E-mail: xmcd () amb org // \\ URL: http://sunsite.unc.edu/~cddb/xmcd/ David J. Meltzer <davem () iss net> wrote:
There are security holes in XMCD 2.0pl2 (and presumably all previous versions), a popular audio cd player for numerous unix platforms, which allow a user defined environment variable to overflow a fixed size buffer resulting in a complete compromise of system security on machines with XMCD installed suid root. [ ... description deleted ]
Current thread:
- Administratrivia, (continued)
- Administratrivia Scriptors of DOOM (Nov 23)
- A Stupid script. Efrain Torres (Nov 22)
- A Stupid script. Aleph One (Nov 24)
- AIX lquerypv Aleph One (Nov 25)
- lquerypv fix Troy Bollinger (Nov 25)
- Security Problems in XMCD David J. Meltzer (Nov 25)
- FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr FreeBSD Security Officer (Nov 25)
- Digital FW2.0 question Peter Dieth (Nov 26)
- Re: Digital FW2.0 question Alan Cox (Nov 27)
- Re: FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr Warner Losh (Nov 26)
- XMCD v2.1 released (was: Security Problems in XMCD) Xmcd Admin (Nov 25)
- Security Problems in XMCD 2.1 David J. Meltzer (Nov 26)
- Re: Security Problems in XMCD 2.1 Theo Van Dinter (Nov 26)
- Re: Security Problems in XMCD 2.1 Jim Dennis (Nov 26)
- Re: Security Problems in XMCD 2.1 Alan Cox (Nov 27)
- Administratriva Aleph One (Nov 26)
- A security issue of a different kind. Alan Brown (Nov 26)
- BOOTP/DHCP security itudps (Nov 26)
- Re: BOOTP/DHCP security Alan Cox (Nov 27)
- Re: A security issue of a different kind. Jon Peatfield (Nov 27)
- Re: A security issue of a different kind. Piete Brooks (Nov 27)