Executive Summary
Summary | |
---|---|
Title | New mpg123 packages fix arbitrary code exceution |
Informations | |||
---|---|---|---|
Name | DSA-564 | First vendor Publication | 2004-10-13 |
Vendor | Debian | Last vendor Modification | 2004-10-13 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Davide Del Vecchio discovered a vulnerability mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. A malicious MPEG layer 2/3 file could cause the header checks in mpg123 to fail, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123. For the stable distribution (woody) this problem has been fixed in version 0.59r-13woody3. For the unstable distribution (sid) this problem has been fixed in version 0.59r-16. We recommend that you upgrade your mpg123 package. |
Original Source
Url : http://www.debian.org/security/2004/dsa-564 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Os | 4 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-20 (mpg123) File : nvt/glsa_200409_20.nasl |
2008-09-04 | Name : FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound File : nvt/freebsd_mpg1232.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 564-1 (mpg123) File : nvt/deb_564_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9748 | mpg123 layer2.c Header Remote Overflow A remote overflow exists in mpg123. The do_layer2() function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted MP3 or MP2 file, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_15e0e96302ed11d9a20900061bc2ad93.nasl - Type : ACT_GATHER_INFO |
2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-564.nasl - Type : ACT_GATHER_INFO |
2004-09-23 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-100.nasl - Type : ACT_GATHER_INFO |
2004-09-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-20.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:33:30 |
|