
yamt.txt

Posted Dec 30, 2004
Authored by Manigandan Radhakrishnan

A buffer overflow vulnerability in the YAMT 0.5 id3tag_sort() function can lead to a system compromise.

tags | advisory, overflow
SHA-256 | 1c71d04732d85755d294beb6c3cb7d2555831537db575c19bf857787cdad2df5

From djb@cr.yp.to Wed Dec 15 14:22:46 2004
Date: 15 Dec 2004 08:28:39 -0000
From: D. J. Bernstein <djb@cr.yp.to>
To: securesoftware@list.cr.yp.to, bratislav@users.sourceforge.net
Subject: [remote] [control] YAMT 0.5 id3tag_sort does not check for nasty
characters

Manigandan Radhakrishnan, a student in my Fall 2004 UNIX Security Holes
course, has discovered a remotely exploitable security hole in YAMT, an
MP3-organization tool. I'm publishing this notice, but all the discovery
credits should be assigned to Radhakrishnan.

YAMT is no longer maintained, according to its developers, but it is
still included in (for example) FreeBSD ports.

You are at risk if you take an MP3 file from a web page (or any other
source that could be controlled by an attacker) and feed it to the YAMT
Sort option. Whoever provides that MP3 file then has complete control
over your account: he can read and modify your files, watch the programs
you're running, etc.

Here's the bug: id3tag_sort(), in id3tag.c, runs the command

mv "%s/%s" "%s%s/%s/%s"

with various %s strings replaced by, e.g., the MP3 Artist tag. YAMT does
not check for nasty characters---in particular, double quotes---inside
the Artist tag.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
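
Added example, not part of the advisory and not YAMT code: a C version of the sort step that uses mkdir(2) and rename(2) instead of a shell command line, so a double quote in the Artist tag is only a filename character. The function names and the simplified destroot/artist/file layout are assumptions made for illustration.

```c
/* Added example: shell-free replacement for the mv command line quoted above.
 * is_safe_component() and sort_move() are hypothetical names, not YAMT code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Accept a tag only if it is usable as one path component: non-empty,
 * not "." or "..", no '/', no control characters. Quotes, '$', ';' etc.
 * are harmless here because no shell ever parses the string. */
int is_safe_component(const char *s)
{
    if (s == NULL || *s == '\0' || strcmp(s, ".") == 0 || strcmp(s, "..") == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p == '/' || *p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

/* Move srcdir/file to destroot/artist/file using mkdir(2) and rename(2).
 * Returns 0 on success, -1 on rejected input or syscall failure. */
int sort_move(const char *srcdir, const char *file,
              const char *destroot, const char *artist)
{
    char from[4096], dir[4096], to[4096];

    if (!is_safe_component(file) || !is_safe_component(artist))
        return -1;
    if (snprintf(from, sizeof from, "%s/%s", srcdir, file) >= (int)sizeof from ||
        snprintf(dir, sizeof dir, "%s/%s", destroot, artist) >= (int)sizeof dir ||
        snprintf(to, sizeof to, "%s/%s", dir, file) >= (int)sizeof to)
        return -1;                       /* truncated path: refuse */
    if (mkdir(dir, 0755) != 0 && errno != EEXIST)
        return -1;
    return rename(from, to);             /* no shell, no quoting rules */
}

int main(void)
{
    /* Constructed tags, for illustration only. */
    const char *tags[] = { "AC\"DC", "..", "a/b" };
    for (size_t i = 0; i < 3; i++)
        printf("%-8s -> %s\n", tags[i], is_safe_component(tags[i]) ? "accept" : "reject");
    return 0;
}
```

rename(2) fails with EXDEV when source and destination are on different filesystems; a caller that needs that case has to copy and unlink instead.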