<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1264" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2><BR><FONT face="Times New Roman" size=3>To:
</FONT><A href="mailto:bugtraq@securityfocus.com"><FONT face="Times New Roman"
size=3>bugtraq@securityfocus.com</FONT></A><FONT face="Times New Roman" size=3>
</FONT><A href="mailto:announce@lists.caldera.com"><FONT face="Times New Roman"
size=3>announce@lists.caldera.com</FONT></A><FONT face="Times New Roman" size=3>
</FONT><A href="mailto:full-disclosure@lists.netsys.com"><FONT
face="Times New Roman"
size=3>full-disclosure@lists.netsys.com</FONT></A><BR><BR><FONT
face="Times New Roman" size=3>-----BEGIN PGP SIGNED MESSAGE-----<BR>Hash:
SHA1<BR><BR>______________________________________________________________________________<BR><BR>Hermansen
Security Advisory<BR><BR>Subject: Buffer Overflow in popular CD-Writing
Software<BR>Advisory number: HERM-2003-MISC<BR>Issue date: 2003 November
02<BR>______________________________________________________________________________<BR><BR><BR>1.
Problem Description<BR><BR>Many popular CD-Writing software programs are
vulnerable to "Buffer Underflow" based vulnerabilities. The problem lies
in the fact that the program may be trying to write faster to the disc than
the PC can handle, thus the storage buffer is depleted and a "Buffer Underflow"
occurs.<BR><BR><BR>2. Vulnerable Supported Versions<BR><BR>System
Binaries<BR>----------------------------------------------------------------------<BR>ALL
POPULAR WRITING SOFTWARE<BR><BR>3. Solution<BR><BR>The proper solution is to get
a newer burner which has "protection" against this critical vulnerability and
use software which supports it.</FONT><FONT face="Times New Roman"
size=3><BR><BR>8. Disclaimer<BR><BR>Hermansen is not responsible for the
misuse of any of the information<BR>we provide on this website and/or through
our security<BR>advisories. Our advisories are a service to our
customers<BR>intended to promote secure installation and use of
Hermansen<BR>products.<BR><BR><BR>9. Acknowledgments<BR><BR>Hermansen would
like to thank all dumb humans for the
advisory.<BR><BR>______________________________________________________________________________<BR><BR>-----BEGIN
PGP SIGNATURE-----<BR>Version: GnuPG v1.2.2-rc1-SuSE
(GNU/Linux)<BR><BR>iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs<BR>q7S5CxTJrBp2c0KqG+NM+Zw=<BR>=4pz6<BR>-----END
PGP
SIGNATURE-----<BR></FONT></FONT></DIV></BODY></HTML>