Bug 245959 - media-sound/streamripper Multiple Vulnerabilities
Summary: media-sound/streamripper Multiple Vulnerabilities
Status: RESOLVED DUPLICATE of bug 249039
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/32562/
Whiteboard: B2 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-07 13:17 UTC by Robert Buchholz (RETIRED)
Modified: 2008-11-27 11:33 UTC

See Also:
Package list:
Runtime testing required: ---


Description Robert Buchholz (RETIRED) gentoo-dev 2008-11-07 13:17:52 UTC
** Please note that this issue is confidential and no information should be
disclosed until it is made public, see "Whiteboard" for a date **

Secunia wrote:
Secunia Research has discovered some vulnerabilities in Streamripper
when parsing certain HTTP responses.

1) A boundary error exists within the function
"http_parse_sc_header()" in lib/http.c when parsing an overly long
HTTP header starting with "Zwitterion v".

2) A boundary error exists within the function "http_get_pls()" in
lib/http.c when parsing a specially crafted pls playlist containing an
overly long entry.

3) A boundary error exists within the function "http_get_m3u()" in
lib/http.c when parsing a specially crafted m3u playlist containing an
overly long "File" entry.

The vulnerabilities can be exploited to execute arbitrary code by
tricking a user into connecting to a malicious server. Secunia has
developed exploits, which are available upon request.

Additionally, the "http_parse_url()" function in lib/http.c does not
properly parse URLs with an overly long username, password, or
hostname. However, we do not consider this to be an issue as tricking
a user into executing Streamripper with a malicious URL seems unlikely
(note that there are GUI frontends available which may be leveraged as
less obvious attack vectors).

The vulnerabilities are confirmed in version 1.63.5. Other versions
may also be affected.

Disclosure date: Preliminary disclosure date set to Wednesday, November
19th 2008.
SAID: SA32562 - http://secunia.com/advisories/32562/
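
Added example, not part of the bug report and not Streamripper's code: a bounded way to pull a field out of one line of an untrusted server response, which is the class of check the boundary errors above concern. The helper name extract_field, the 64-byte buffer size and the sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed size of the destination buffer */

/* Result codes for the hypothetical helper below. */
enum { FIELD_OK = 0, FIELD_NO_MATCH = -1, FIELD_TOO_LONG = -2 };

/*
 * Copy the value that follows `prefix` in one line of a server response
 * into `out`. The value ends at CR, LF or end of string. An oversized value
 * is rejected outright instead of being truncated or copied past the buffer.
 */
static int extract_field(const char *line, const char *prefix,
                         char *out, size_t out_size)
{
    size_t plen = strlen(prefix);
    if (out_size == 0)
        return FIELD_TOO_LONG;
    out[0] = '\0';                        /* never leave stale data behind */
    if (strncmp(line, prefix, plen) != 0)
        return FIELD_NO_MATCH;

    const char *val = line + plen;
    size_t vlen = strcspn(val, "\r\n");   /* length measured before any copy */
    if (vlen >= out_size)                 /* keep room for the terminator */
        return FIELD_TOO_LONG;

    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return FIELD_OK;
}

int main(void)
{
    char buf[FIELD_MAX];
    char big[512];                        /* constructed oversized header */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "Zwitterion v", 12);

    /* Constructed sample lines: a short header, the oversized one, a playlist entry. */
    printf("%d\n", extract_field("Zwitterion v1.0\r\n", "Zwitterion v", buf, sizeof buf));
    printf("%d\n", extract_field(big, "Zwitterion v", buf, sizeof buf));
    printf("%d\n", extract_field("File1=http://example.invalid/a\n", "File1=", buf, sizeof buf));
    return 0;
}
```
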
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-11-27 11:33:01 UTC
public, but we have a new bug.

*** This bug has been marked as a duplicate of bug 249039 ***