Security Digest: Winamp, Skype, HP

Winamp bug could bring buffer overflow ... Linux Skype accounts open to tinkering by local users ... HP-UX weakness can allow denial of service.

Winamp Bug Could Bring Buffer Overflow

In a grim reminder of force of the Pod, Winamp was found this week to have a problem handling IDv2 MP3 tags. It seems that if an overlong string was inserted into the album name, for example, a buffer overflow could occur that would allow the execution of the famous arbitrary code "teh haxorz."

Of course, social engineering is necessary in that the user must add a malicious MP3 file to a playlist and then play the file; but that shouldnt be too hard to do, should it?

Secunia says the "highly critical" vulnerability has been reported in versions 5.03a, 5.09 and 5.091. Other versions also may be affected. Its time to update to version 5.094, kids. Or iTunes.

Linux Skype Accounts Open to Tinkering by Local Users

If you thought you could have your own inviolately private account on Skype on Linux, the private part just got a mite shaky.

It seems that a malicious, local user is able to perform "certain actions" on a vulnerable system with escalated privileges.

The vulnerability is evidently caused by the insecure creation of the temporary file "/tmp/skype_profile.jpg." This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user running the affected application.

The vulnerability has been confirmed in version Prior versions may also be affected. There is no patch. The workaround is to only grant access to trusted users.

You as so hosed when she hacks the account and finds those calls to the g/f.

HP-UX Weakness Can Allow Denial of Service

In April, Hewlett-Packard reported a vulnerability in HP-UX, which was because of an unspecified error in the network PMTU discovery processing while receiving our old friend the "specially crafted" packet.

This could happen on any open connection. Successful exploitation caused a denial of service and required a reboot of the system to regain functionality. The vulnerability affects HP-UX B.11.00, B.11.04, B.11.11, B.11.22 and B.11.23 running TCP/IP (IPv4).

Whoa. Im glad HP found this one. Anyway, to plug the hole, HP recommended setting the "ip_pmtu_strategy" parameter to 0 or 3.

That was then, this is now. HP found out that products that were using HP-UX have a ripple-through, and—to its credit—issued another advisory. The company also has admitted that the Avaya Predictive Dialing System (which also was called MOSAIX in the B.C., before Carly, days) uses HP-UX.

There is not a patch from HP for this issue, but the issue can be "mitigated" by modifying the "ip_pmtu_strategy" settings to totally disable PMTU negotiation and by setting the PMTU to a static value of 1,500 bytes (or 576 bytes). These settings are controlled by ndd and can be configured via settings within the "nddconf" file.

So, if you do specialty packet length sliding using a PDS as your front door, you may have to rethink things again.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.