ID CVE-2002-1028 Type cve Reporter NVD Modified 2008-09-05T16:29:35
Description
Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1028", "history": [], "references": ["http://www.iss.net/security_center/static/9585.php", "http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html", "http://www.securityfocus.com/bid/5248", "http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:"], "lastseen": "2016-09-03T03:31:23", "bulletinFamily": "NVD", "title": "CVE-2002-1028", "cpe": ["cpe:/a:oddsock:song_requester:2.1"], "viewCount": 0, "id": "CVE-2002-1028", "hash": "ff160344b0992359faf9f52ec0093d5abe56379995cc77855fe08b48e118737a", "description": "Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2002-1028"], "scanner": [], "modified": "2008-09-05T16:29:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2002-10-04T00:00:00", "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-09-03T03:31:23"}, "vulnersScore": 5.0}}
{"exploitdb": [{"lastseen": "2016-02-02T16:54:09", "osvdbidlist": ["6769"], "references": [], "description": "Oddsock Song Requester 2.1 WinAmp Plugin Denial Of Service Vulnerability. CVE-2002-1028. Dos exploit for cgi platform", "edition": 1, "reporter": "Lucas Lundgren", "published": "2002-07-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "Oddsock Song Requester 2.1 - WinAmp Plugin Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2002-1028"], "modified": "2002-07-16T00:00:00", "id": "EDB-ID:21620", "href": "https://www.exploit-db.com/exploits/21620/", "sourceData": "source: http://www.securityfocus.com/bid/5248/info\r\n\r\nA vulnerability has been reported for Oddsock Song Requester 2.1.\r\n\r\nThe vulnerability occurs when an attacker makes a request to 'request.cgi' using a long value for the 'listpos' parameter. It is possible to cause Song Requester and WinAmp to crash. As this condition may be due to a buffer overflow, code execution should be considered a possibility.\r\n\r\nNote: it was reported that the value for the 'psearch' parameter also causes a crash, however this could not be reproduced by SecurityFocus.\r\n\r\nhttp://<musicserver>/request.cgi?listpos=999...999(9x256) ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/21620/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Oddspot Song Requester. The Song Requester fails to check the length of multiple variables in the request.cgi script resulting in a buffer overflow. With a specially crafted request, an attacker can cause a DoS resulting in a loss of availability.\n## Solution Description\nUpgrade to version 2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Oddspot Song Requester. The Song Requester fails to check the length of multiple variables in the request.cgi script resulting in a buffer overflow. With a specially crafted request, an attacker can cause a DoS resulting in a loss of availability.\n## Manual Testing Notes\nhttp://[victim]/request.cgi?listpos=9999999999999999999999999999(9x256)\n\nhttp://[victim]/request.cgi?psearch=999999999999999999999999999999(9x254)\n## References:\nVendor URL: http://www.oddsock.org/tools/gen_songrequester/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html\nISS X-Force ID: 9585\n[CVE-2002-1028](https://vulners.com/cve/CVE-2002-1028)\nBugtraq ID: 5248\n", "reporter": "Lucas Lundgren(ll@outpost24.com)", "published": "2002-07-16T00:00:00", "type": "osvdb", "title": "Song Requester Winamp Plugin request.cgi Multiple Variable Overflow DoS", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Song Requester", "version": "2.0", "operator": "eq"}, {"name": "Song Requester", "version": "2.1", "operator": "eq"}], "cvelist": ["CVE-2002-1028"], "modified": "2002-07-16T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6769", "id": "OSVDB:6769", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
