mpg321 mp3 file format string attack

mpg321-mp3-format-string (14148) The risk level is classified as HighHigh Risk

Description:

mpg321 is vulnerable to a format string attack. A remote attacker could create a specially-crafted mp3 file containing format strings that would cause arbitrary commands to be executed on the victim's system, once the malicious file is played.


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of mpg321 (0.2.10. or later), available from the mpg321 Web page. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest mpg321 package (0.2.10.2 or later), as listed in DSA-411-1. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • mpg321 Web page: mpg321, a Free alternative to mpg123.
  • mpg321ChangeLog Web page: mpg321 (0.2.10) unstable; urgency=low.
  • BID-9364: mpg321 MP3 File Remote Format String Vulnerability
  • CVE-2003-0969: mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.
  • DSA-411: mpg321 -- format string vulnerability
  • GLSA-200503-34: mpg321: Format string vulnerability
  • OSVDB ID: 3331: mpg321 Remotely Exploitable

Platforms Affected:

  • Debian Debian Linux 3.0
  • Gentoo Linux
  • mpg321 mpg321 prior to 0.2.10.2

Reported:

Jan 05, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page