Info

Disclosure

Oct 21, 2004

Discovery

Oct 02, 2004

Dates

Exploit

Oct 21, 2004

Solution

Unknown

Description

A remote overflow exists in mpg123. mpg123 fails to check the length of the dynamically allocated purl variable before copying it into the static global httpauth1 variable resulting in a buffer overflow. With a specially crafted playlist file containing an overly long URL, an attacker can execute arbitrary code with user privileges or perform a denial of service attack resulting in a loss of integrity and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Michael Hipp	mpg123	0.59r
		0.59s

References

Security Tracker: 1011832
Related OSVDB ID: 11036 11037
Bugtraq ID: 11468
Secunia Advisory ID: 12908 13003 13046 13053
ISS X-Force ID: 17574
CVE ID: 2004-0982 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0208.html
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200410-27.xml
http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:120
Vendor Specific Advisory URL: http://www.debian.org/security/2004/dsa-578
Vendor URL: http://www.mpg123.de/

Credit

Carlos Barros - barrosbarrossecurity.com - Barros Security Researcher

Direct URL: http://osvdb.org/11023

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Michael Hipp

mpg123

References

Credit