ID 877E918E-5362-11D9-96D4-00065BE4B5B6 Type freebsd Reporter FreeBSD Modified 2005-01-13T00:00:00
Description
A buffer overflow vulnerability exists in the playlist
processing of mpg123. A specially crafted playlist entry
can cause a stack overflow that can be used to inject
arbitrary code into the mpg123 process.
Note that a malicious playlist, demonstrating this
vulnerability, was released by the bug finder and may be
used as a template by attackers.
{"id": "877E918E-5362-11D9-96D4-00065BE4B5B6", "bulletinFamily": "unix", "title": "mpg123 -- playlist processing buffer overflow vulnerability", "description": "\nA buffer overflow vulnerability exists in the playlist\n\t processing of mpg123. A specially crafted playlist entry\n\t can cause a stack overflow that can be used to inject\n\t arbitrary code into the mpg123 process.\nNote that a malicious playlist, demonstrating this\n\t vulnerability, was released by the bug finder and may be\n\t used as a template by attackers.\n", "published": "2004-12-15T00:00:00", "modified": "2005-01-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://vuxml.freebsd.org/freebsd/877e918e-5362-11d9-96d4-00065be4b5b6.html", "reporter": "FreeBSD", "references": ["http://xforce.iss.net/xforce/xfdb/18626", "http://tigger.uic.edu/~jlongs2/holes/mpg123.txt", "http://secunia.com/advisories/13511/", "http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132"], "cvelist": ["CVE-2004-1284"], "type": "freebsd", "lastseen": "2019-05-29T18:35:06", "edition": 4, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-1284"]}, {"type": "osvdb", "idList": ["OSVDB:12473"]}, {"type": "exploitdb", "idList": ["EDB-ID:24852"]}, {"type": "openvas", "idList": ["OPENVAS:54781", "OPENVAS:52253"]}, {"type": "gentoo", "idList": ["GLSA-200412-22"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_877E918E536211D996D400065BE4B5B6.NASL", "GENTOO_GLSA-200412-22.NASL"]}], "modified": "2019-05-29T18:35:06", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2019-05-29T18:35:06", "rev": 2}, "vulnersScore": 6.9}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "mpg123", "packageVersion": "0.59r_15"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "mpg123-nas", "packageVersion": "0.59r_15"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "mpg123-esound", "packageVersion": "0.59r_15"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:22:59", "description": "Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.", "edition": 4, "cvss3": {}, "published": "2005-01-10T05:00:00", "title": "CVE-2004-1284", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-1284"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/a:mpg123:mpg123:0.59o", "cpe:/a:mpg123:mpg123:0.59r", "cpe:/a:mpg123:mpg123:0.59m", "cpe:/a:mpg123:mpg123:0.59p", "cpe:/a:mpg123:mpg123:0.59n", "cpe:/a:mpg123:mpg123:0.59q", "cpe:/a:mpg123:mpg123:pre0.59s"], "id": "CVE-2004-1284", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1284", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mpg123:mpg123:0.59o:*:*:*:*:*:*:*", "cpe:2.3:a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*", "cpe:2.3:a:mpg123:mpg123:0.59m:*:*:*:*:*:*:*", "cpe:2.3:a:mpg123:mpg123:0.59p:*:*:*:*:*:*:*", "cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*", "cpe:2.3:a:mpg123:mpg123:0.59q:*:*:*:*:*:*:*", "cpe:2.3:a:mpg123:mpg123:0.59n:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1284"], "description": "### Background\n\nmpg123 is a MPEG Audio Player. \n\n### Description\n\nBartlomiej Sieka discovered that mpg123 contains an unsafe strcat() to an array in playlist.c. This code vulnerability may lead to a buffer overflow. \n\n### Impact\n\nA remote attacker could craft a malicious playlist which, when used, would result in the execution of arbitrary code with the rights of the user running mpg123. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll mpg123 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-sound/mpg123-0.59s-r8\"", "edition": 1, "modified": "2004-12-21T00:00:00", "published": "2004-12-21T00:00:00", "id": "GLSA-200412-22", "href": "https://security.gentoo.org/glsa/200412-22", "type": "gentoo", "title": "mpg123: Playlist buffer overflow", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "cvelist": ["CVE-2004-1284"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2005_01_sr.html)\nSecurity Tracker: 1012556\n[Secunia Advisory ID:13616](https://secuniaresearch.flexerasoftware.com/advisories/13616/)\n[Secunia Advisory ID:13511](https://secuniaresearch.flexerasoftware.com/advisories/13511/)\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200412-22.xml\nOther Advisory URL: http://tigger.uic.edu/~jlongs2/holes/mpg123.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0195.html\n[CVE-2004-1284](https://vulners.com/cve/CVE-2004-1284)\n", "modified": "2004-12-16T03:10:50", "published": "2004-12-16T03:10:50", "href": "https://vulners.com/osvdb/OSVDB:12473", "id": "OSVDB:12473", "type": "osvdb", "title": "mpg123 find_next_file() Function Playlist Overflow", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1284"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200412-22.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54781", "href": "http://plugins.openvas.org/nasl.php?oid=54781", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200412-22 (mpg123)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"mpg123 is vulnerable to a buffer overflow that allows an attacker to\nexecute arbitrary code through the use of a malicious playlist.\";\ntag_solution = \"All mpg123 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/mpg123-0.59s-r8'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200412-22\nhttp://bugs.gentoo.org/show_bug.cgi?id=74692\nhttp://tigger.uic.edu/~jlongs2/holes/mpg123.txt\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200412-22.\";\n\n \n\nif(description)\n{\n script_id(54781);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-1284\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200412-22 (mpg123)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-sound/mpg123\", unaffected: make_list(\"ge 0.59s-r8\"), vulnerable: make_list(\"lt 0.59s-r8\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1284"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52253", "href": "http://plugins.openvas.org/nasl.php?oid=52253", "type": "openvas", "title": "FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound", "sourceData": "#\n#VID 877e918e-5362-11d9-96d4-00065be4b5b6\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n mpg123\n mpg123-nas\n mpg123-esound\n\nCVE-2004-1284\nBuffer overflow in the find_next_file function in playlist.c for\nmpg123 0.59r allows remote attackers to execute arbitrary code via a\ncrafted MP3 playlist.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://tigger.uic.edu/~jlongs2/holes/mpg123.txt\nhttp://secunia.com/advisories/13511/\nhttp://xforce.iss.net/xforce/xfdb/18626\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132\nhttp://www.vuxml.org/freebsd/877e918e-5362-11d9-96d4-00065be4b5b6.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52253);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-1284\");\n script_bugtraq_id(11958);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mpg123\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.59r_15\")<=0) {\n txt += 'Package mpg123 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mpg123-nas\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.59r_15\")<=0) {\n txt += 'Package mpg123-nas version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mpg123-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.59r_15\")<=0) {\n txt += 'Package mpg123-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T00:09:11", "description": "MPG123 0.59 Find Next File Remote Client-Side Buffer Overflow Vulnerability. CVE-2004-1284. Remote exploit for linux platform", "published": "2004-12-15T00:00:00", "type": "exploitdb", "title": "MPG123 0.59 Find Next File Remote Client-Side Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-1284"], "modified": "2004-12-15T00:00:00", "id": "EDB-ID:24852", "href": "https://www.exploit-db.com/exploits/24852/", "sourceData": "source: http://www.securityfocus.com/bid/11958/info\r\n\r\nA remote client-side buffer overflow vulnerability affects mpg123. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.\r\n\r\nAn attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/24852.list", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/24852/"}], "nessus": [{"lastseen": "2021-01-07T10:51:53", "description": "The remote host is affected by the vulnerability described in GLSA-200412-22\n(mpg123: Playlist buffer overflow)\n\n Bartlomiej Sieka discovered that mpg123 contains an unsafe\n strcat() to an array in playlist.c. This code vulnerability may lead to\n a buffer overflow.\n \nImpact :\n\n A remote attacker could craft a malicious playlist which, when\n used, would result in the execution of arbitrary code with the rights\n of the user running mpg123.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2004-12-21T00:00:00", "title": "GLSA-200412-22 : mpg123: Playlist buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1284"], "modified": "2004-12-21T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mpg123"], "id": "GENTOO_GLSA-200412-22.NASL", "href": "https://www.tenable.com/plugins/nessus/16021", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200412-22.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16021);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-1284\");\n script_xref(name:\"GLSA\", value:\"200412-22\");\n\n script_name(english:\"GLSA-200412-22 : mpg123: Playlist buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200412-22\n(mpg123: Playlist buffer overflow)\n\n Bartlomiej Sieka discovered that mpg123 contains an unsafe\n strcat() to an array in playlist.c. This code vulnerability may lead to\n a buffer overflow.\n \nImpact :\n\n A remote attacker could craft a malicious playlist which, when\n used, would result in the execution of arbitrary code with the rights\n of the user running mpg123.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://tigger.uic.edu/~jlongs2/holes/mpg123.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?484e5d15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200412-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All mpg123 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/mpg123-0.59s-r8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mpg123\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/12/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-sound/mpg123\", unaffected:make_list(\"ge 0.59s-r8\"), vulnerable:make_list(\"lt 0.59s-r8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mpg123\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:46:52", "description": "A buffer overflow vulnerability exists in the playlist processing of\nmpg123. A specially crafted playlist entry can cause a stack overflow\nthat can be used to inject arbitrary code into the mpg123 process.\n\nNote that a malicious playlist, demonstrating this vulnerability, was\nreleased by the bug finder and may be used as a template by attackers.", "edition": 25, "published": "2005-07-13T00:00:00", "title": "FreeBSD : mpg123 -- playlist processing buffer overflow vulnerability (877e918e-5362-11d9-96d4-00065be4b5b6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1284"], "modified": "2005-07-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mpg123-esound", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mpg123", "p-cpe:/a:freebsd:freebsd:mpg123-nas"], "id": "FREEBSD_PKG_877E918E536211D996D400065BE4B5B6.NASL", "href": "https://www.tenable.com/plugins/nessus/19015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19015);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-1284\");\n script_bugtraq_id(11958);\n script_xref(name:\"Secunia\", value:\"13511\");\n\n script_name(english:\"FreeBSD : mpg123 -- playlist processing buffer overflow vulnerability (877e918e-5362-11d9-96d4-00065be4b5b6)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow vulnerability exists in the playlist processing of\nmpg123. A specially crafted playlist entry can cause a stack overflow\nthat can be used to inject arbitrary code into the mpg123 process.\n\nNote that a malicious playlist, demonstrating this vulnerability, was\nreleased by the bug finder and may be used as a template by attackers.\"\n );\n # http://tigger.uic.edu/~jlongs2/holes/mpg123.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?484e5d15\"\n );\n # http://xforce.iss.net/xforce/xfdb/18626\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c6ab8a8\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=110321888413132\"\n );\n # https://vuxml.freebsd.org/freebsd/877e918e-5362-11d9-96d4-00065be4b5b6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7349de87\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mpg123\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mpg123-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mpg123-nas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mpg123<=0.59r_15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mpg123-nas<=0.59r_15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mpg123-esound<=0.59r_15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
