mpg123 readstring function buffer overflow
| mpg123-readstring-bo (13265) |  Low Risk |
Description:
mpg123 is vulnerable to a heap buffer overflow, caused by the readstring function in the httpget.c audio streaming service. The readstring function is called to read strings from remote hosts. A remote attacker could supply a long string to overflow the allocated space on the heap to cause the system to crash or possibly execute arbitrary code on the system.
Consequences:
Denial of Service
Remedy:
For Conectiva Linux:
Upgrade to the latest mpg123 package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2003:781 for more information. See References.
Conectiva Linux 7.0: 0.59r-5U70_2cl or later
Conectiva Linux 8: 0.59r-7U80_2cl or later
For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest mgp package (0.59r-13woody2 or later), as listed in DSA-435-1. See References.
For Caldera OpenLinux 3.1.1 Server and Workstation:
Upgrade to the latest mpg123 package, as listed below. Refer to SCO Security Advisory CSSA-2004-002.0 for more information. See References.
Caldera OpenLinux 3.1.1 Server and Workstation: 123-0.59r-7MR or later
For Mandrake Linux:
Upgrade to the latest mpg123 package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:100 : mpg123 for more information. See References.
Mandrake Linux 9.2: 0.59r-21.1.92mdk or later
Mandrake Linux Corporate Server 2.1: 0.59r-21.1.C21mdk or later
Mandrake Linux 10.0: 0.59r-21.1.100mdk or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Mon Sep 22 2003 - 22:44:59 CDT: mpg123[v0.59r,v0.59s]: remote client-side heap corruption exploit..
- Conectiva Linux Security Announcement CLSA-2003:781: mpg123.
- mpg123 Web site: mpg123, Fast MP3 Player for Linux and UNIX systems.
- SCO Security Advisory CSSA-2004-002.0: OpenLinux: mpg123 remote denial of service and heap-based buffer overflow.
- BID-8680: MPG123 Remote File Play Heap Corruption Vulnerability
- CVE-2003-0865: Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
- DSA-435: mpg123 -- heap overflow
- MDKSA-2004:100: Updated mpg123 packages fix vulnerabilities
Platforms Affected:
- Conectiva Linux 7.0
- Conectiva Linux 8.0
- Debian Debian Linux 3.0
- MandrakeSoft Mandrake Linux 10.0 AMD64
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux 9.2 AMD64
- MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- mpg123 mpg123 0.59 r
- mpg123 mpg123 pre0.59s
- SCO Caldera OpenLinux Server 3.1.1
- SCO Caldera OpenLinux Workstation 3.1.1
Reported:
Sep 22, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net