mpg123 negative framesize buffer calculation could allow code execution
| mpg123-neg-framesize-buffer (11100) |  High Risk |
Description:
mpg123 could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability regarding the calculation of the framesize buffer. A remote attacker could create a malicious MP3 file with a bitrate of zero to cause a negative framesize to be calculated, which would allow the attacker to execute arbitrary code on the system.
Consequences:
Gain Access
Remedy:
For Conectiva Linux:
Upgrade to the latest mpg123 package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2003:695 for more information. See References.
Conectiva Linux 7.0: 0.59r-5U70_1cl or later
Conectiva Linux 8: 0.59r-7U80_1cl or later
For Mandrake Linux:
Upgrade to the latest mpg123 package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:078 : mpg123 for more information. See References.
Mandrake Linux 9.0, 9.1, Corporate Server 2.1: 0.59r-17.1mdk or later
For Gentoo Linux:
Upgrade to the latest version of mpg123 (.59r-r3 stable or 0.59s-r1 masked or later), as listed in Gentoo Linux Security Announcement 200309-17. See References.
As a workaround, apply the unofficial patch for your system, as listed in the BugTraq Mailing List posting dated Thu Jan 16 2003 - 02:43:03 CST. See References.
For Caldera OpenLinux 3.1.1 Server and Workstation:
Upgrade to the latest mpg123 package, as listed below. Refer to SCO Security Advisory CSSA-2004-002.0 for more information. See References.
Caldera OpenLinux 3.1.1 Server and Workstation: 123-0.59r-7MR or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Thu Jan 16 2003 - 02:43:03 CST : Re[2]: Local/remote mpg123 exploit.
- Conectiva Linux Security Announcement CLSA-2003:695: mpg123.
- Gentoo Linux Security Announcement 200309-17: mpg123. (From LinuxSecurity archive)
- mpg123 Web site: mpg123, Fast MP3 Player for Linux and UNIX Systems.
- SCO Security Advisory CSSA-2004-002.0: OpenLinux: mpg123 remote denial of service and heap-based buffer overflow. (From LinuxSecurity archive)
- BID-6629: mpg123 Incorrect Framesize Calculation Memory Corruption Vulnerability
- CVE-2003-0577: mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.
- MDKSA-2003:078: Updated mpg123 packages fix vulnerability
- SA7875: mpg123 Negative Framesize Buffer Overflow Vulnerability
Platforms Affected:
- Conectiva Linux 7.0
- Conectiva Linux 8.0
- Gentoo Linux
- MandrakeSoft Mandrake Linux 9.0
- MandrakeSoft Mandrake Linux 9.1
- MandrakeSoft Mandrake Linux 9.1 PPC
- MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- mpg123 mpg123 0.59 r
- mpg123 mpg123 pre0.59s
- SCO Caldera OpenLinux Server 3.1.1
- SCO Caldera OpenLinux Workstation 3.1.1
Reported:
Jan 16, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net