Lucene search
Gentoo FoundationGLSA-200410-27HistoryOct 27, 2004 - 12:00 a.m.
mpg123: Buffer overflow vulnerabilities
2004-10-2700:00:00
Gentoo Foundation
security.gentoo.org
10
0.037 Low
EPSS
Percentile
91.8%
Background
mpg123 is a MPEG Audio Player.
Description
Buffer overflow vulnerabilities in the getauthfromURL() and http_open() functions have been reported by Carlos Barros. Additionally, the Gentoo Linux Sound Team fixed additional boundary checks which were found to be lacking.
Impact
By enticing a user to open a malicious playlist or URL or making use of a specially-crafted symlink, an attacker could possibly execute arbitrary code with the rights of the user running mpg123.
Workaround
There is no known workaround at this time.
Resolution
All mpg123 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r5"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-sound/mpg123 | < 0.59s-r5 | UNKNOWN |
Related
nessus
nessus
Debian DSA-578-1 : mpg123 - buffer overflow
2004-11-10 00:00:00
GLSA-200410-27 : mpg123: Buffer overflow vulnerabilities
2004-10-28 00:00:00
cvelist
cvelist
CVE-2004-0982
2004-11-19 05:00:00
CVE-2006-3355
2006-07-06 20:00:00
openvas
openvas
FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound
2008-09-04 00:00:00
Debian Security Advisory DSA 578-1 (mpg123)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200410-27 (mpg123)
2008-09-24 00:00:00
freebsd
freebsd
mpg123 -- buffer overflow in URL handling
2004-10-02 00:00:00
debiancve
debiancve
CVE-2004-0982
2005-02-09 05:00:00
CVE-2006-3355
2006-07-06 20:05:00
ubuntucve
ubuntucve
CVE-2004-0982
2005-02-09 00:00:00
CVE-2006-3355
2006-07-06 00:00:00
cve
cve
CVE-2004-0982
2005-02-09 05:00:00