MPG123 Layer 2 Frame Header Heap Overflow Vulnerability
Info
| Bugtraq ID: | 12218 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0991 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery is credited to Yuri D'Elia. |
| Vulnerable: | SuSE Linux 8.1; SuSE Linux 8.0 i386; SuSE Linux 8.0; S.u.S.E. Linux Personal 9.2; S.u.S.E. Linux Personal 9.1; S.u.S.E. Linux Personal 9.0 x86_64; S.u.S.E. Linux Personal 9.0; S.u.S.E. Linux Personal 8.2; mpg123 mpg123 0.59 s; mpg123 mpg123 0.59 r; mpg123 mpg123 0.59 q; mpg123 mpg123 0.59 p; mpg123 mpg123 0.59 o; mpg123 mpg123 0.59 n; mpg123 mpg123 0.59 m |
| Not Vulnerable: | |
Discussion
mpg123 is prone to a heap-based buffer overflow vulnerability related to handling of layer 2 streams. This issue is exposed when the player loads MP2/MP3 files with malformed header data.
This vulnerability could be exploited to execute arbitrary code in the context of the user running the player.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.
Gentoo has released an advisory to provide updates for this issue. Updates may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r9"
Mandrake has released an advisory MDKSA-2005:009 to address this issue. Please see the referenced advisory for more information.
mpg123 mpg123 0.59 r
- Mandrake mpg123-0.59r-21.3.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mpg123-0.59r-21.3.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mpg123-0.59r-22.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mpg123-0.59r-22.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mpg123-0.59r-22.2.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mpg123-0.59r-22.2.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mpg123-0.59r-22.2.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php