audio
CVE reference: Not yet assigned
Details.
PHPCaptcha, also known as Securimage, is a popular Open Source PHP
CAPTCHA library. It is also used in popular WordPress plugins such as
the 'Fast Secure Contact Form'. Insufficient distortion in the audio
version of the CAPTCHA allows an attacker to quickly decode the CAPTCHA
by performing basic binary analysis of the generated audio file. The
issue is compounded by the fact that even if the audio feature of the
CAPTCHA has been disabled, it can still be accessed by forceful
browsing to the /secure_play.php URI.
PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web
Conferencing)
Vulnerability found: 21st July 2010
Vendor informed: 26th July 2010
Vulnerability fixed:
Severity: High
#
#################################################
#
# Product: OmniPCX Enterprise
# Vendor: Alcatel
# Subject: VoIP Phone Audio Stream Rerouting Vulnerability
# Risk: High
# Effect: Currently exploitable
# Author: Daniel Stirnimann (daniel.stirnimann (at) csnc (dot) ch)
# Date: November, 19th 2007
#
CVE-2010-3442
Dan Rosenberg discovered an issue in the ALSA sound system. Local users with
permission to open /dev/snd/controlC0 can create an integer overflow
condition that causes a denial of service. By default on Debian systems,
this access is restricted to members of the group 'audio'.
CVE-2010-3448
Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain
Thinkpad systems, local users can cause a denial of service (X.org crash) by
There is a vulnerability in Windows Media Audio Voice decoder
distributed with Windows Media Player that allows remote code
execution by opening a specially crafted web page.
###################
#The vulnerability#
###################
The cause of the vulnerability is a bound checking error in the code
used to decompress Windows Media Audio Voice compressed audio files
Where: Local
========================================================
3) Vendor's Description of Software
"n.player is a versatile media player that plays audio CDs, DVD, WMA,
MP3, AVI, DiVX and other media with the preinstalled DirectShow
decoder.
n.player also supports enhanced features for playing video and audio.
BugTraq, the Japan 2008 briefings audio is now on-line, plus a webinar from
Dave Litchfield is about to happen:
NEW FREE WEBCAST - Oracle Database Forensics
Black Hat's webcast series continues with another powerful presentation from
a popular Black Hat speaker. This month's presenter is David Litchfield of
NGS software, speaking on Oracle database forensics, and he will be
releasing a new tool called orablock which he describes this way:
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-14
PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel
Audio and Web Conferencing)
Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Wednesday, 21 July 2010
Vendor informed: Monday, 26 July 2010
Severity level: High/Critical
Credits
The Simple Machine’s Forum audio Captcha that has been hardened from attack. I have contacted SMF about this flaw and it has been verified.
I go into greater detail of how I am able to break this captcha here:
http://www.rooksecurity.com/blog/?p=6
Exploit Code: http://www.rooksecurity.com/exploits/smf_captcha.zip
This captcha has been broken before and exploit code is available here: http://www.securityfocus.com/archive/1/471641 . The fix was to add a randomly generated static.
I was able to write code to decipher the audio file using a Fuzzy Logic comparison http://en.wikipedia.org/wiki/Fuzzy_logic . The comparison is the Hamming Distance http://en.wikipedia.org/wiki/Hamming_distance between the original audio file and the damaged one generated by the Captcha.
SUMMARY
WowWee Rovio - Insufficient Access Controls - Covert Audio/Video
Snooping Possible
OVERVIEW
Rovio from WowWee does not adequately secure all accessible URLs or media
streams, enabling an unauthorized user with network access to the robotic
webcam platform the ability to listen to and view audio/video streamed from
------------
Follow the recommended actions for the affected systems, as identified in the Nortel Advisory.
Technical Description:
----------------------
A malicious user sends n spoofed "Open Audio Stream" messages to an IP phone which it intends to put into surveillance mode. If the ID of the message matches the ID number between the signaling server and the IP phone, the message is accepted and the audio stream is opened to the host given in the "Open Audio Stream" message.
To increase the probability of exploiting this vulnerability, the number of spoofed messages needs to be as close as possible to the maximum. The RUDP datagram uses a 32-bit field for the ID number. However, Nortel's implementation makes use of only 16 bits. That means that if we send 65536 messages with different IDs, we are certain to hit the correct ID. However, there is a small catch: if the number of spoofed messages is too high, the IP phone will crash and a manual reboot is required to bring it back online.
Reference:
http://www.csnc.ch/static/advisory/secadvisorylist.html
an invalid metadata atom size, resulting in a heap-based buffer overflow. If a
user or automated system were tricked into opening a specially crafted MOV file,
an attacker could execute arbitrary code as the user invoking the program.
(CVE-2008-5234, CVE-2008-5242)
It was discovered that the Real, RealAudio, and Matroska demuxers in xine-lib
did not correctly handle malformed files, resulting in heap-based buffer
overflows. If a user or automated system were tricked into opening a specially
crafted Real, RealAudio, or Matroska file, an attacker could execute arbitrary
code as the user invoking the program. (CVE-2008-5236)
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide
variety of content on a website. (From: http://drupal.org/about)
The MP3 Player module allows users to use the WordPress Audio Player in Drupal.
The name of the mp3 file is not properly sanitized when the javascript
to create the audio player is generated, resulting in a cross site
scripting vulnerability.
#2009-011 Android improper camera and audio permission verification
Description:
Android, an open source mobile phone platform, improperly checks permissions
when applications access the camera and audio resources.
The permissions are Manifest.permission.CAMERA and
Manifest.permission.AUDIO_RECORD respectively.
3. *Vulnerability Description*
Adobe Audition is a digital audio workstation software for Windows that
was originally developed by Syntrillium as Cool Edit Pro, and acquired
by Adobe in 2003. The software allows users to do multitrack audio mixing
and editing and supports storing of multitrack audio using a session
file format (.ses).
* simo36.c
* CODED By SimO-s0fT (Morrocco-->marrakesh city)
* Home : Exploiter-ma.com
* e-mail: maroc-anti-connexion[at]hotmail.com[dot]com
*greetz : Stack & Djekmani4ever & alphanix & all friends
* dBpowerAMP Audio Player local buffer overflow exploit
*
* this feat was exploit windows trus sp2
* there is a small problem on the farm but fortunately I managed to use it
* and remember that this feat has been operating as trus win
* I test and winxp sp1 I found another problem
This vulnerability affects the Cisco RVS4000 4-port Gigabit Security
Router and all Cisco Small Business Video Surveillance Cameras, except
for the Cisco PVC300 Pan Tilt Optical Zoom Camera. These cameras are
affected:
* Cisco PVC2300 Business Internet Video Camera - Audio/PoE
* Cisco WVC200 Wireless-G PTZ Internet Video Camera - Audio
* Cisco WVC210 Wireless-G PTZ Internet Video Camera - 2-way Audio
* Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio
Products Confirmed Not Vulnerable
the necessary changes.
Details follow:
It was discovered that libsndfile did not correctly handle description
chunks in CAF audio files. If a user or automated system were tricked into
opening a specially crafted CAF audio file, an attacker could execute
arbitrary code with the privileges of the user invoking the program.
Updated packages for Ubuntu 6.06 LTS:
Debian-specific: no
CVE Id(s) : CVE-2007-5824 CVE-2007-5825 CVE-2008-1771
Debian Bug : 459961 476241 496217
In DSA-1597-1, an update was announced for multiple vulnerabilities in
the mt-daapd audio server. One of the fixes introduced a regression
preventing successful authentication to the administration interface.
An updated release is available which corrects this problem. For
reference, the original advisory text follows.
Three vulnerabilities have been discovered in the mt-daapd DAAP audio
ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-069
October 13, 2009
-- CVE ID:
CVE-2009-0555
-- Affected Vendors:
Microsoft
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | Javantea originally reported an issue in IAX2, whereby |
| | an attacker could send a spoofed IAX2 NEW message, and |
| | Asterisk would start sending early audio to the target |
| | address, without ever receiving an initial response. |
| | That original vulnerability was addressed in June 2007, |
| | by requiring a response to the initial NEW message |
| | before starting to send any audio. |
| | |
[ http://warvox.org ]
WarVOX is a suite of tools for exploring, classifying, and auditing
telephone systems. Unlike normal wardialing tools, WarVOX works with the
actual audio from each call and does not use a modem directly. This
model allows WarVOX to find and classify a wide range of interesting
lines, including modems, faxes, voice mail boxes, PBXs, loops, dial
tones, IVRs, and forwarders. WarVOX provides the unique ability to
classify all telephone lines in a given range, not just those connected
to modems, allowing for a comprehensive audit of a telephone system.
* The title of your submission
* A short bio of you or your group
* Optionally, a picture of you / your group
* A short (150 words max) summary/description of your subject
* A detailed description of your subject
* Any requirements (audio/video resources, whiteboard etc)
* Contact e-mail address
* If you want to do a lightningtalk (10 min max), a lecture (45 minutes) or a workshop (longer, hands-on)
* Language of your presentation (Dutch or English are accepted)
== Location and Technology ==
[ Wintercore Advisory ]
Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
:: Non-Technical Description
Realtek HD Audio Codec Drivers are prone to a local privilege escalation
due to insufficient validation of user-mode buffers. Successful
allowing for the execution of arbitrary code.
Background
==========
The Xiph.org Free Lossless Audio Codec (FLAC) library is the reference
implementation of the FLAC audio file format. It contains encoders and
decoders in library and executable form.
Affected packages
=================
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
A security vulnerability was discovered in how flac processed audio
data. An attacker could create a carefully crafted FLAC audio file
that could cause an application linked against the flac libraries to
crash or execute arbitrary code when opened.
Updated packages have been patched to prevent this issue.
Where: From remote
======================================================================
3) Vendor's Description of Software
"The SHOUTcast Radio Distributed Network Audio Software (DNAS)
is a software application that runs on your server attached to the
Internet or an IP network and is responsible for receiving audio
from a broadcaster such as your Winamp media player running the
SHOUTcast Radio DSP plug-in.".
CVE-2008-0296 CVE-2008-0073 CVE-2008-0984 CVE-2008-1489
Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido
Landi, Felipe Manzano, Anibal Sacco and others discovered multiple
vulnerabilities in vlc, an application for playback and streaming of
audio and video. In the worst case, these weaknesses permit a remote,
unauthenticated attacker to execute arbitrary code with the privileges
of the user running vlc.
The Common Vulnerabilities and Exposures project identifies the
following eight problems:
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 11, 2007
I. BACKGROUND
Free Lossless Audio Codec (FLAC) is a popular file format for audio data
compression. AOL Corp.'s Winamp media player has support for the FLAC
format. More information about FLAC and Winamp is available at the
following URLs.
http://flac.sourceforge.net/
Debian-specific: no
CVE Id(s) : CVE-2007-6454 CVE-2008-2040
Debian Bug : 466539
Several remote vulnerabilities have been discovered in Gnome PeerCast,
the Gnome interface to PeerCast, a P2P audio and video streaming
server. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-6454