Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

XMCD v2.1 released (was: Security Problems in XMCD)

From: xmcd () bazooka amb org (Xmcd Admin)
Date: Mon, 25 Nov 1996 23:08:30 -0800

This is to announce that XMCD 2.1 patchlevel 0 has been released
which fixes all of the issues previously raised by David Meltzer.
It also contains a number of other minor feature and functionality
enhancements.  The new version may be obtained via the xmcd web page at:

        http://sunsite.unc.edu/~cddb/xmcd/

Users of xmcd with older versions are encouraged to upgrade.

-Ti
--
\\ // XMCD - Motif CD player / CDA - Command line CD player
 \\/  Ti Kan / AMB Research Laboratories
 //\  E-mail: xmcd () amb org
// \\ URL:    http://sunsite.unc.edu/~cddb/xmcd/

David J. Meltzer <davem () iss net> wrote:

   There are security holes in XMCD 2.0pl2 (and presumably all previous
versions), a popular audio cd player for numerous unix platforms, which
allow a user defined environment variable to overflow a fixed size buffer
resulting in a complete compromise of system security on machines with XMCD
installed suid root.
[ ... description deleted ]
Previous By Date Next
Previous By Thread Next

Current thread: