SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Multimedia)  >   mpg123 Vendors:   mpg123.de
(Mandrake Issues Fix) mpg123 Buffer Overflow In Reading Remote Strings Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011394
SecurityTracker URL:  http://securitytracker.com/id/1011394
CVE Reference:   CAN-2003-0865   (Links to External Site)
Date:  Sep 23 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.59s pre
Description:   A buffer overflow vulnerability was reported in the mpg123 audio player. A remote user can supply a specially crafted audio stream that will execute arbitrary code on the player.

vade79/v9 reported that the flaw resides in the readstring() function in 'httpget.c' and can be triggered when reading strings from a remote streaming audio server. According to the report, a variable size buffer is written into a 1024 byte buffer without regards to the size of the destination buffer.

A demonstration exploit is available in the Source Message and at:

http://fakehalo.deadpig.org/xmpg123.c
Impact:   A remote user with a malicious streaming audio server can execute arbitrary code on the connected player. The code will run with the privileges of the user running the mpg123 application.
Solution:   Mandrake has released a fix.

Mandrakelinux 10.0:
0b5270c11943064f9c0f7374f63cdc4c 10.0/RPMS/mpg123-0.59r-21.1.100mdk.i586.rpm
8661f67e88ebc2821d4c5e212236465d 10.0/SRPMS/mpg123-0.59r-21.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
f6e601b01a3c8b24279b3465e784829a amd64/10.0/RPMS/mpg123-0.59r-21.1.100mdk.amd64.rpm
8661f67e88ebc2821d4c5e212236465d amd64/10.0/SRPMS/mpg123-0.59r-21.1.100mdk.src.rpm

Corporate Server 2.1:
714d75b86c7a99c40f522cc45f69d136 corporate/2.1/RPMS/mpg123-0.59r-21.1.C21mdk.i586.rpm
cba666174f4117e7776c9baa04f8983a corporate/2.1/SRPMS/mpg123-0.59r-21.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
f7279fee83461fa06a9bbcc904b0ead2 x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.1.C21mdk.x86_64.rpm
cba666174f4117e7776c9baa04f8983a x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.1.C21mdk.src.rpm

Mandrakelinux 9.2:
afe98cf7c89affb136b7048b3f387583 9.2/RPMS/mpg123-0.59r-21.1.92mdk.i586.rpm
21a4273e29d60f0e79a5092b7713301b 9.2/SRPMS/mpg123-0.59r-21.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
590153b9ca949f851903d6010ced9ae8 amd64/9.2/RPMS/mpg123-0.59r-21.1.92mdk.amd64.rpm
21a4273e29d60f0e79a5092b7713301b amd64/9.2/SRPMS/mpg123-0.59r-21.1.92mdk.src.rpm
Vendor URL:  www.mpg123.de/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Mandriva/Mandrake)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 23 2003 mpg123 Buffer Overflow In Reading Remote Strings Lets Remote Users Execute Arbitrary Code


 Source Message Contents
Date:  22 Sep 2004 21:15:02 -0000
Subject:  [Security Announce] MDKSA-2004:100 - Updated mpg123 packages fix


This is a multi-part message in MIME format...

------------=_1095889545-12666-6000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           mpg123
 Advisory ID:            MDKSA-2004:100
 Date:                   September 22nd, 2004

 Affected versions:	 10.0, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A vulnerability in mpg123 was discovered by Davide Del Vecchio where
 certain malicious mpg3/2 files would cause mpg123 to fail header
 checks, which could in turn allow arbitrary code to be executed with
 the privileges of the user running mpg123 (CAN-2004-0805).
 
 As well, an older vulnerability in mpg123, where a response from a
 remote HTTP server could overflow a buffer allocated on the heap, is
 also fixed in these packages.  This vulnerability could also
 potentially permit the execution of arbitray code with the privileges
 of the user running mpg123 (CAN-2003-0865).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0805
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 0b5270c11943064f9c0f7374f63cdc4c  10.0/RPMS/mpg123-0.59r-21.1.100mdk.i586.rpm
 8661f67e88ebc2821d4c5e212236465d  10.0/SRPMS/mpg123-0.59r-21.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 f6e601b01a3c8b24279b3465e784829a  amd64/10.0/RPMS/mpg123-0.59r-21.1.100mdk.amd64.rpm
 8661f67e88ebc2821d4c5e212236465d  amd64/10.0/SRPMS/mpg123-0.59r-21.1.100mdk.src.rpm

 Corporate Server 2.1:
 714d75b86c7a99c40f522cc45f69d136  corporate/2.1/RPMS/mpg123-0.59r-21.1.C21mdk.i586.rpm
 cba666174f4117e7776c9baa04f8983a  corporate/2.1/SRPMS/mpg123-0.59r-21.1.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 f7279fee83461fa06a9bbcc904b0ead2  x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.1.C21mdk.x86_64.rpm
 cba666174f4117e7776c9baa04f8983a  x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.1.C21mdk.src.rpm

 Mandrakelinux 9.2:
 afe98cf7c89affb136b7048b3f387583  9.2/RPMS/mpg123-0.59r-21.1.92mdk.i586.rpm
 21a4273e29d60f0e79a5092b7713301b  9.2/SRPMS/mpg123-0.59r-21.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 590153b9ca949f851903d6010ced9ae8  amd64/9.2/RPMS/mpg123-0.59r-21.1.92mdk.amd64.rpm
 21a4273e29d60f0e79a5092b7713301b  amd64/9.2/SRPMS/mpg123-0.59r-21.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBUetWmqjQ0CJFipgRAlD8AJ9tY/3Soi6fKJqVRG7vRTDPhNBBuwCfYeXN
kX4V4dICCQtnTE2+3w4g03g=
=AKOr
-----END PGP SIGNATURE-----


------------=_1095889545-12666-6000
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

------------=_1095889545-12666-6000--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC