SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   mpg123 Vendors:   mpg123.de
(Mandrake Issues Fix) mpg123 Buffer Overflow in getauthformURL() May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012034
SecurityTracker URL:  http://securitytracker.com/id/1012034
CVE Reference:   CVE-2004-0982   (Links to External Site)
Date:  Nov 2 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.59r, pre0.59s
Description:   A buffer overflow vulnerability was reported in mpg123 in getauthformURL(). A remote user may be able to execute arbitrary code on the target user's system.

Carlos Barros reported that getauthfromURL() contains an overflow in the processing of the 'httpauth1' variable. A remote user can create a specially crafted playlist that, when processed by the target user, may execute arbitrary code on the target user's system.

A demonstration exploit URL format is provided:

http://AAAAAAAAAAAAAA...AAAAA@www.somesite.com/somefile.xxx,

It is reported that the http_open() function also contains a buffer overflow that allows a local user to execute arbitrary code.

The vendor was notified on October 10, 2004, without response.

Impact:   A remote user may be able to execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   Mandrake has released a fix.

Mandrakelinux 10.0:
e182221a9da782a235dd6ff3db6d5df0 10.0/RPMS/mpg123-0.59r-22.1.100mdk.i586.rpm
c4d8be742f4e6299c7661d6c66a20d53 10.0/SRPMS/mpg123-0.59r-22.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
79de393feac1cb0b307085f3af8d3fdc amd64/10.0/RPMS/mpg123-0.59r-22.1.100mdk.amd64.rpm
c4d8be742f4e6299c7661d6c66a20d53 amd64/10.0/SRPMS/mpg123-0.59r-22.1.100mdk.src.rpm

Mandrakelinux 10.1:
65f24310894911afebb9172aec3eb7a4 10.1/RPMS/mpg123-0.59r-22.1.101mdk.i586.rpm
ed8c0715a350da0d8b8736f78e52de80 10.1/SRPMS/mpg123-0.59r-22.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
405f3bfd2b7f8379b0fdc4880b1b84ff x86_64/10.1/RPMS/mpg123-0.59r-22.1.101mdk.x86_64.rpm
ed8c0715a350da0d8b8736f78e52de80 x86_64/10.1/SRPMS/mpg123-0.59r-22.1.101mdk.src.rpm

Corporate Server 2.1:
0484f705c2ae6dd6ee6c7183cf5bcc3b corporate/2.1/RPMS/mpg123-0.59r-21.2.C21mdk.i586.rpm
0c38f64a2b5492824947d5aeaddb190a corporate/2.1/SRPMS/mpg123-0.59r-21.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
1974ef15ef340f0c38a9dba8ecc9723f x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.2.C21mdk.x86_64.rpm
0c38f64a2b5492824947d5aeaddb190a x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.2.C21mdk.src.rpm

Vendor URL:  www.mpg123.de/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  10.0, 10.1, Corporate Server 2.1

Message History:   This archive entry is a follow-up to the message listed below.
Oct 21 2004 mpg123 Buffer Overflow in getauthformURL() May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [Security Announce] MDKSA-2004:120 - Updated mpg123 packages fix


This is a multi-part message in MIME format...

------------=_1099365514-1263-2031

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           mpg123
 Advisory ID:            MDKSA-2004:120
 Date:                   November 1st, 2004

 Affected versions:	 10.0, 10.1, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Carlos Barros discovered two buffer overflow vulnerabilities in mpg123;
 the first in the getauthfromURL() function and the second in the
 http_open() function.  These vulnerabilities could be exploited to
 possibly execute arbitrary code with the privileges of the user running
 mpg123.
 
 The provided packages are patched to fix these issues, as well
 additional boundary checks that were lacking have been included (thanks
 to the Gentoo Linux Sound Team for these additional fixes).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
  http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 e182221a9da782a235dd6ff3db6d5df0  10.0/RPMS/mpg123-0.59r-22.1.100mdk.i586.rpm
 c4d8be742f4e6299c7661d6c66a20d53  10.0/SRPMS/mpg123-0.59r-22.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 79de393feac1cb0b307085f3af8d3fdc  amd64/10.0/RPMS/mpg123-0.59r-22.1.100mdk.amd64.rpm
 c4d8be742f4e6299c7661d6c66a20d53  amd64/10.0/SRPMS/mpg123-0.59r-22.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 65f24310894911afebb9172aec3eb7a4  10.1/RPMS/mpg123-0.59r-22.1.101mdk.i586.rpm
 ed8c0715a350da0d8b8736f78e52de80  10.1/SRPMS/mpg123-0.59r-22.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 405f3bfd2b7f8379b0fdc4880b1b84ff  x86_64/10.1/RPMS/mpg123-0.59r-22.1.101mdk.x86_64.rpm
 ed8c0715a350da0d8b8736f78e52de80  x86_64/10.1/SRPMS/mpg123-0.59r-22.1.101mdk.src.rpm

 Corporate Server 2.1:
 0484f705c2ae6dd6ee6c7183cf5bcc3b  corporate/2.1/RPMS/mpg123-0.59r-21.2.C21mdk.i586.rpm
 0c38f64a2b5492824947d5aeaddb190a  corporate/2.1/SRPMS/mpg123-0.59r-21.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 1974ef15ef340f0c38a9dba8ecc9723f  x86_64/corporate/2.1/RPMS/mpg123-0.59r-21.2.C21mdk.x86_64.rpm
 0c38f64a2b5492824947d5aeaddb190a  x86_64/corporate/2.1/SRPMS/mpg123-0.59r-21.2.C21mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBhtRKmqjQ0CJFipgRAooDAJ9m45+c3fNeYdqf977aWUbBdcdHqgCfc3JN
GpVbCUEyOQlFBoWELUqKG0g=
=fzCE
-----END PGP SIGNATURE-----


------------=_1099365514-1263-2031
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

------------=_1099365514-1263-2031--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC