[1322] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] XMCD v2.1 released (was: Security Problems in XMCD)

daemon@ATHENA.MIT.EDU (Xmcd Admin)
Tue Nov 26 17:42:36 1996

From: xmcd@bazooka.amb.org (Xmcd Admin)
To: davem@iss.net (David J. Meltzer)
Date: Mon, 25 Nov 1996 23:08:30 -0800 (PST)
Cc: bugtraq@netspace.org, best-of-security@suburbia.net,
        linux-security@redhat.com, cert@cert.org, xmcd@bazooka.amb.org
In-Reply-To: <Pine.LNX.3.95.961125122334.28145C-100000@phoenix.iss.net> from "David J. Meltzer" at Nov 25, 96 12:45:32 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

This is to announce that XMCD 2.1 patchlevel 0 has been released
which fixes all of the issues previously raised by David Meltzer.
It also contains a number of other minor feature and functionality
enhancements.  The new version may be obtained via the xmcd web page at:

	http://sunsite.unc.edu/~cddb/xmcd/

Users of xmcd with older versions are encouraged to upgrade.

-Ti
-- 
\\ // XMCD - Motif CD player / CDA - Command line CD player
 \\/  Ti Kan / AMB Research Laboratories
 //\  E-mail: xmcd@amb.org
// \\ URL:    http://sunsite.unc.edu/~cddb/xmcd/

David J. Meltzer <davem@iss.net> wrote:
>    There are security holes in XMCD 2.0pl2 (and presumably all previous 
> versions), a popular audio cd player for numerous unix platforms, which 
> allow a user defined environment variable to overflow a fixed size buffer
> resulting in a complete compromise of system security on machines with XMCD
> installed suid root.  
> [ ... description deleted ]


home help back first fref pref prev next nref lref last post