Bugtraq mailing list archives
Re: Local/remote mpg123 exploit
From: Benjamin Tober <btober0 () hotmail com>
Date: 15 Jan 2003 08:16:24 -0000
In-Reply-To: <200301131823.h0DINJbE014752 () mailserver3 hushmail com>

I'm not going to address the veracity of the narrative text of this posting; however, the exploit is real. I believe that the patch to mpg123 given below closes this particular hole. I have no affiliation with the authors of mpg123 and haven't contacted them, but am providing this patch now because an exploit is publicly available. I can, if necessary, provide further explanation of the exploit and the rationale behind the patch but will not do so at this late hour.

This patch is with respect to mpg123-pre0.59s and is to the file common.c:

--- common.c.orig Wed Jan 15 02:16:08 2003 +++ common.c Wed Jan 15 02:18:52 2003 @@ -579,6 +579,11 @@ fprintf(stderr,"Sorry, unknown layer type.\n"); return (0); } + if (fr->framesize>MAX_INPUT_FRAMESIZE) { + fprintf(stderr,"Frame size too big.\n"); + fr->framesize = MAX_INPUT_FRAMESIZE; + return 0; + } if(!fr->bitrate_index) { /* fprintf(stderr,"Warning, Free format not heavily tested: (head %08lx)\n",newhead); */

Sincerely, Benjamin Tober
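
Review bot: the added check `if (fr->framesize>MAX_INPUT_FRAMESIZE)` enforces only an upper bound, so if `framesize` is a signed type a negative computed value would still pass it; consider rejecting `fr->framesize < 0` in the same condition. The check also sits ahead of the `if(!fr->bitrate_index)` free-format branch, so any frame size set or adjusted on that path would need the same bound. Minor: the assignment `fr->framesize = MAX_INPUT_FRAMESIZE;` right before `return 0;` only matters to callers that ignore the return value, which deserves a comment, and `return 0;` differs from the `return (0);` style used just above.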