Nessus Plugin #15579

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

[GLSA-200410-27] mpg123: Buffer overflow vulnerabilities

Family:
Gentoo Local Security Checks
Category:
infos
Copyright:
(C) 2004 Michel Arboi
Summary:
mpg123: Buffer overflow vulnerabilities
Version:
$Revision: 1.1 $
Cve_id:
-
Bugtraq_id:
-
Xrefs:
GLSA:200410-27
Description:
The remote host is affected by the vulnerability described in GLSA-200410-27
(mpg123: Buffer overflow vulnerabilities)


Buffer overflow vulnerabilities in the getauthfromURL() and http_open()
functions have been reported by Carlos Barros. Additionally, the Gentoo
Linux Sound Team added further boundary checks that were found to be
lacking.

Impact

By enticing a user to open a malicious playlist or URL or making use of a
specially-crafted symlink, an attacker could possibly execute arbitrary
code with the rights of the user running mpg123.

Workaround

There is no known workaround at this time.

References:
http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt


Solution:
All mpg123 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r5"


Risk factor : Medium
Generated on 27.04.2005 at 18:49:54.