[28293] in bugtraq
RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd)
daemon@ATHENA.MIT.EDU (Russell Garrett)
Sat Dec 21 14:32:21 2002
From: "Russell Garrett" <rg@tcslon.com>
To: "David Howe" <DaveHowe@gmx.co.uk>
Date: Thu, 19 Dec 2002 21:58:29 -0000
Message-ID: <NDBBLDHKLKMANPGMACIGIEBKDDAA.rg@tcslon.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <04e201c2a786$e8145ca0$c71121c2@sharpuk.co.uk>
This is an MD5 of a verified patched winamp 2.81, downloaded from
Nullsoft's internal tester site:
C:\>md5 winamp281_full.exe
353709951105A4671F457051157991C9
> -----Original Message-----
> From: David Howe [mailto:DaveHowe@gmx.co.uk]
> Sent: 19 December 2002 17:49
> To: Email List: BugTraq
> Subject: Re: Foundstone Research Labs Advisory - Multiple Exploitable
> Buffer Overflows in Winamp (fwd)
>
>
> at Thursday, December 19, 2002 12:31 AM, Dave Ahmad
> <da@securityfocus.com> was seen to say:
> > Solution:
> > For Winamp 2.81 users
> > We recommend either upgrading to Winamp 3.0 or redownloading Winamp
> > 2.81 (which has since been fixed) from: http://www.winamp.com
> Does anyone have a more direct URL or a MD5 hash of the "safe" file? the
> current download of 2.81 is still dated Aug 21 and the current 3.0 dated
> 8 Aug (on the site - haven't downloaded 3.0. but the internal date on
> 2.81 is definitely the 21st)
> There is also *nothing* about this on the winamp site - its as if it
> didn't exist.
----------------------------------------------------------------------------
Russ Garrett russ@garrett.co.uk.
http://russ.garrett.co.uk.
