Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0982

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0982
Last Modified 05 Sep 2008 04:39:59
Published 09 Feb 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0982

Summary

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

Vulnerable Systems

Application

  • Mpg123 0.59r

  • Mpg123 Pre0.59s


References

BID - 11468

DEBIAN - DSA-578

XF - mpg123-getauthfromurl-bo(17574)

OSVDB - 11023

GENTOO - GLSA-200410-27

MISC - http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt

SECTRACK - 1011832

SECUNIA - 12908

BUGTRAQ - 20041019 mpg123 "getauthfromurl" buffer overflow


Last Updated: 27 May 2016 10:38:50