SteveLoh Posted October 31, 2007 Report Share Posted October 31, 2007 (edited) According to Engadget (http://www.engadget.com/2007/10/31/sonys-sonicstage-cp-contains-playlist-security-hole/) SonicStage CP 4.3 contains playlist security hole !"The bug is triggered by .m3u playlists that contain over 1000 characters and there are already sample exploits floating around, so those of you still rocking the ATRAC action may want to avoid downloaded playlists until things get patched up." Edited October 31, 2007 by SteveLoh Quote Link to comment Share on other sites More sharing options...
Shinji Ikeda Posted November 1, 2007 Report Share Posted November 1, 2007 This was already raised here.At times I wish that site would do some research. The error relates to a m3u playlist that contains a file name over 1000 characters. Read the advice from the link in this paragraph it gives more professional advice.I would like to add avoid downloading m3u file you plan to import into SonicStage. If you need to then CHECK the m3u playlist by editing it using a text editor for long filenames. Deleting the line(s) that contain the entry will resolve the issue.I do not how serious this BUG is in a real world situation, but I do not know if anyone uses m3u file. Quote Link to comment Share on other sites More sharing options...
mgillespie Posted November 4, 2007 Report Share Posted November 4, 2007 The fact it's a classed as Highly Critical, http://secunia.com/advisories/27270/Means that Sony can't afford to waste time releasing an update to fix this. I will be emailing them this afternoon, to try and find out if an new SonicStage is forthcoming.. Quote Link to comment Share on other sites More sharing options...
Maresch Posted November 4, 2007 Report Share Posted November 4, 2007 Please let us know if Sony get´s back to you. Quote Link to comment Share on other sites More sharing options...
Shinji Ikeda Posted November 5, 2007 Report Share Posted November 5, 2007 The fact it's a classed as Highly Critical, http://secunia.com/advisories/27270/Means that Sony can't afford to waste time releasing an update to fix this. I will be emailing them this afternoon, to try and find out if an new SonicStage is forthcoming..A software security company did some research and was able to discover a bug in SonicStage that can be exploited. The problem relates to how SonicStage parses the m3u file. Only a software patch is needed to be released, which should be coming. It could be only one line of code. Imagine Microsoft or Apple releasing completely new version of their software of bugs in their software. If you do not use m3u files I would not worry about it, or avoid m3u files from unsure sources. Quote Link to comment Share on other sites More sharing options...
Avrin Posted November 14, 2007 Report Share Posted November 14, 2007 SONY is working on it: http://support.sony-europe.com/dna/hotnews...p;f=NW_security Quote Link to comment Share on other sites More sharing options...
Ascariss Posted November 14, 2007 Report Share Posted November 14, 2007 Good news from sony, they had to fix it, since they might be liable for damages the bug creates. Quote Link to comment Share on other sites More sharing options...
Avrin Posted November 22, 2007 Report Share Posted November 22, 2007 (edited) There is some update (Version 4.3.01.14280) - full installer without drivers, released 11/20/2007, on the VAIO ftp site: ftp://ftp.vaio-link.com/pub/DOWNLOADS/SO/...01198207-UN.EXE. I am not sure what it does, since the files inside do not seem to be updated at all.I think the old 4.3 drivers will still work: ftp://ftp.vaio-link.com/pub/DNA/VISTA/MD/PA_DRIVER.EXE. Edited November 22, 2007 by Avrin Quote Link to comment Share on other sites More sharing options...
Zizone_ Posted November 22, 2007 Report Share Posted November 22, 2007 Yes, Sony is aware of this issue and they said there will be an update for SonicStage. Quote Link to comment Share on other sites More sharing options...
mgillespie Posted November 22, 2007 Report Share Posted November 22, 2007 There is some update (Version 4.3.01.14280) - full installer without drivers, released 11/20/2007, on the VAIO ftp site: ftp://ftp.vaio-link.com/pub/DOWNLOADS/SO/...01198207-UN.EXE. I am not sure what it does, since the files inside do not seem to be updated at all.I think the old 4.3 drivers will still work: ftp://ftp.vaio-link.com/pub/DNA/VISTA/MD/PA_DRIVER.EXE.Working well here, with my NW-A3000.SonicStage : 4.3.01.14050SonicStage Add-on for 4.3 Upgrade : 4.3.01.14050OpenMG Secure Module : 4.7.00.12140MagicGate Memory Stick Device : 4.7.00.12140NW-E2, NW-E3, NW-E5 and NW-E8P : 4.7.00.12140OpenMG CD : 4.7.00.12140M.S. PRO : 4.7.00.12140CD Walkman : 4.7.00.12140ATRAC Audio Device with Intelligent function : 4.7.00.12140Hi-MD : 4.7.00.12140Music Clip, NW-S4, NW-E7 and NW-E10 : 4.7.00.12140ATRAC Audio Device : 4.7.00.12140Net MD : 4.7.00.12140EMD Plug-in: 4.3.01.14020CD-R Writing Module(Audio CD/ATRAC CD/MP3 CD) : 4.3.01.14050Px Engine: 3.4.36.500 Quote Link to comment Share on other sites More sharing options...
Avrin Posted November 23, 2007 Report Share Posted November 23, 2007 (edited) SonicStage : 4.3.01.14050SonicStage Add-on for 4.3 Upgrade : 4.3.01.14050OpenMG Secure Module : 4.7.00.12140MagicGate Memory Stick Device : 4.7.00.12140NW-E2, NW-E3, NW-E5 and NW-E8P : 4.7.00.12140OpenMG CD : 4.7.00.12140M.S. PRO : 4.7.00.12140CD Walkman : 4.7.00.12140ATRAC Audio Device with Intelligent function : 4.7.00.12140Hi-MD : 4.7.00.12140Music Clip, NW-S4, NW-E7 and NW-E10 : 4.7.00.12140ATRAC Audio Device : 4.7.00.12140Net MD : 4.7.00.12140EMD Plug-in: 4.3.01.14020CD-R Writing Module(Audio CD/ATRAC CD/MP3 CD) : 4.3.01.14050Px Engine: 3.4.36.500Looks like the original version with a new installation script. Edited November 23, 2007 by Avrin Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.