Ulf Harnhammar wrote: > No, you don't need to set up a rogue CDDB server, as CDDB servers let anyone > add or modify information about records.
But according to the freedb.org FAQs every submission is reviewed before being
applied to the database. So it seems quite unlikely submissions of crafted
entries
to exploit this vulnerability would pass this stage.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
