Full Disclosure mailing list archives
Re: [SECURITY] [DSA 435-1] New mpg123 packages fix heap overflow
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Fri, 6 Feb 2004 11:49:07 -0800
Which is it - mpg123 or mpg321?

G

On or about 2004.02.06 10:14:39 +0000, debian-security-announce () lists debian org (debian-security-announce () lists debian org) said:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package : mpg123
Vulnerability : heap overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0865

A vulnerability was discovered in mpg123, a command-line mp3 player, whereby a response from a remote HTTP server could overflow a buffer allocated on the heap, potentially permitting execution of arbitrary code with the privileges of the user invoking mpg123. In order for this vulnerability to be exploited, mpg321 would need to request an mp3 stream from a malicious remote server via HTTP.
<<SNIP>>
-----END PGP SIGNATURE-----
--
Gregory A. Gilliss, CISSP E-mail: greg () gilliss com
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html