Executive Summary
| Summary | |
|---|---|
| Title | New mpg123 packages fix heap overflow |
| Informations | |||
|---|---|---|---|
| Name | DSA-435 | First vendor Publication | 2004-02-06 |
| Vendor | Debian | Last vendor Modification | 2004-02-06 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability was discovered in mpg123, a command-line mp3 player, whereby a response from a remote HTTP server could overflow a buffer allocated on the heap, potentially permitting execution of arbitrary code with the privileges of the user invoking mpg123. In order for this vulnerability to be exploited, mpg321 would need to request an mp3 stream from a malicious remote server via HTTP. For the current stable distribution (woody) this problem has been fixed in version 0.59r-13woody2. For the unstable distribution (sid) this problem has been fixed in version 0.59r-15. We recommend that you update your mpg123 package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-435 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound File : nvt/freebsd_mpg1233.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 435-1 (mpg123) File : nvt/deb_435_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 8771 | mpg123 httpget.c Long Request Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_9fccad5a709611d8873f0020ed76ef5a.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-435.nasl - Type : ACT_GATHER_INFO |
| 2004-09-23 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-100.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:04 |
|
