Executive Summary
| Summary | |
|---|---|
| Title | New mpg321 packages fix format string vulnerability |
| Informations | |||
|---|---|---|---|
| Name | DSA-411 | First vendor Publication | 2004-01-05 |
| Vendor | Debian | Last vendor Modification | 2004-01-05 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming). For the current stable distribution (woody) this problem has been fixed in version 0.2.10.2. For the unstable distribution (sid) this problem has been fixed in version 0.2.10.3. We recommend that you update your mpg321 package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-411 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-34 (mpg321) File : nvt/glsa_200503_34.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 411-1 (mpg321) File : nvt/deb_411_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3331 | mpg321 Remotely Exploitable A remote overflow exists in mpg321. The package fails to validate some striugs within an MP3 file resulting in a printf() overflow. With a specially crafted MP3 file, an attacker can cause execution of arbitrary code resulting in a loss of integrity and/or availability. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-03-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200503-34.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-411.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:59 |
|
