Full Disclosure mailing list archives

Re: BS.Player 2.22 NULL ptr dereference


From: <edi.strosar () varnostne-novice com>
Date: Fri, 03 Aug 2007 15:43:06 -0400

Dear 3APA3A,

I didn't mention any DoS in my advisory. I clearly 
stated that it is a "bug" that will cause an 
exception/crash. It is a kind of Null/invalid ptr deref. 
The same kind as this is:

http://www.securityfocus.com/archive/1/434280

and not much different than this:

http://www.securityfocus.com/archive/1/461373

Nothing more. The main difference is that it was 
"implemented" by the vendor.

http://www.bsplayer.org/en/bs.player/news/new/?article=21&BSPLAYER=76f1ff40d5a7f9f2f44a66edc209ac2a

Thanks for your interest anyway.

Sincerely,
Edi Strosar (Team Intell)


3APA3A wrote:

 Can you please explain why this is a security bug? DoS is not software
 crash, DoS is Denial of Service. It means, security impact of DoS
 vulnerability should be preventing (blocking) access of legitimate user
 to some data or service (via data corruption, service malfunction, etc).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

