<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1170" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>LOL. I can't stop laughing... :-)</FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=khermansen@ht-technology.com
href="mailto:khermansen@ht-technology.com">Kristian Hermansen</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=full-disclosure@lists.netsys.com
href="mailto:full-disclosure@lists.netsys.com">Full Disclosure</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Sunday, November 02, 2003 4:09
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Full-Disclosure] Buffer
Underflow in popular CD-Writing Sotware</DIV>
<DIV><BR></DIV>
<DIV><FONT face=Arial size=2><BR><FONT face="Times New Roman" size=3>To:
</FONT><A href="mailto:bugtraq@securityfocus.com"><FONT face="Times New Roman"
size=3>bugtraq@securityfocus.com</FONT></A><FONT face="Times New Roman"
size=3> </FONT><A href="mailto:announce@lists.caldera.com"><FONT
face="Times New Roman" size=3>announce@lists.caldera.com</FONT></A><FONT
face="Times New Roman" size=3> </FONT><A
href="mailto:full-disclosure@lists.netsys.com"><FONT face="Times New Roman"
size=3>full-disclosure@lists.netsys.com</FONT></A><BR><BR><FONT
face="Times New Roman" size=3>-----BEGIN PGP SIGNED MESSAGE-----<BR>Hash:
SHA1<BR><BR>______________________________________________________________________________<BR><BR>Hermansen
Security Advisory<BR><BR>Subject: Buffer Overflow in popular CD-Writing
Software<BR>Advisory number: HERM-2003-MISC<BR>Issue date: 2003 November
02<BR>______________________________________________________________________________<BR><BR><BR>1.
Problem Description<BR><BR>Many popular CD-Writing software programs are
vulnerable to "Buffer Underflow" based vulnerabilities. The problem lies
in the fact that the program may be trying to write faster to the disc
than the PC can handle, thus the storage buffer is depleted and a "Buffer
Underflow" occurs.<BR><BR><BR>2. Vulnerable Supported Versions<BR><BR>System
Binaries<BR>----------------------------------------------------------------------<BR>ALL
POPULAR WRITING SOFTWARE<BR><BR>3. Solution<BR><BR>The proper solution is to
get a newer burner which has "protection" against this critical vulnerability
and use software which supports it.</FONT><FONT face="Times New Roman"
size=3><BR><BR>8. Disclaimer<BR><BR>Hermansen is not responsible for the
misuse of any of the information<BR>we provide on this website and/or through
our security<BR>advisories. Our advisories are a service to our
customers<BR>intended to promote secure installation and use of
Hermansen<BR>products.<BR><BR><BR>9.
Acknowledgments<BR><BR>Hermansen would like to thank all dumb humans for
the
advisory.<BR><BR>______________________________________________________________________________<BR><BR>-----BEGIN
PGP SIGNATURE-----<BR>Version: GnuPG v1.2.2-rc1-SuSE
(GNU/Linux)<BR><BR>iD8DBQE/bzTsaqoBO7ipriERAidHAJ4wpBW9J3GCPEwn6Mak9t5+XAZAwgCghQSs<BR>q7S5CxTJrBp2c0KqG+NM+Zw=<BR>=4pz6<BR>-----END
PGP
SIGNATURE-----<BR><BR>_______________________________________________<BR>Full-Disclosure
- We believe in it.<BR>Charter: </FONT><A
href="http://lists.netsys.com/full-disclosure-charter.html"><FONT
face="Times New Roman"
size=3>http://lists.netsys.com/full-disclosure-charter.html</FONT></A></FONT></DIV></BLOCKQUOTE></BODY></HTML>