TUCoPS :: Linux :: Apps A-M :: hack1099.htm

mpg123 remote denial of service and heap-based buffer overflow (OpenLinux)
OpenLinux: mpg123 remote denial of service and heap-based buffer overflow


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: mpg123 remote denial of service and heap-based buffer overflow
Advisory number: 	CSSA-2004-002.0
Issue date: 		2004 February 19
Cross reference: 	sr882700 fz528149 erg712383 CAN-2003-0577 CAN-2003-0865
______________________________________________________________________________


1. Problem Description

	mpg123 0.59r allows remote attackers to cause a denial of
	service and possibly execute arbitrary code via an MP3 file
	with a zero bitrate, which creates a negative frame size. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CAN-2003-0577 to this issue. 

	Heap-based buffer overflow in readstring of httpget.c for mpg123 
	0.59r and 0.59s allows remote attackers to execute arbitrary code 
	via a long request. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2003-0865 to this issue.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to mpg123-0.59r-7MR.i386.rpm
	OpenLinux 3.1.1 Workstation	prior to mpg123-0.59r-7MR.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-00 2.0/RPMS

	4.2 Packages

	cb8a81f231da3c943dfaa366df68045a	mpg123-0.59r-7MR.i386.rpm

	4.3 Installation

	rpm -Fvh mpg123-0.59r-7MR.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-00 2.0/SRPMS

	4.5 Source Packages

	810ef880b6ad68ea7aea631241552dad	mpg123-0.59r-7MR.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-200 4-002.0/RPMS

	5.2 Packages

	13165b654404e73fe934cc13347c81b3	mpg123-0.59r-7MR.i386.rpm

	5.3 Installation

	rpm -Fvh mpg123-0.59r-7MR.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-200 4-002.0/SRPMS

	5.5 Source Packages

	98203970951e6c87d715170324a8ca2c	mpg123-0.59r-7MR.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0577 
		http://www.securityfocus.com/archive/1/306903 
		http://www.securityfocus.com/bid/6629 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865 
		http://www.securityfocus.com/archive/1/338641 
		http://marc.theaimsgroup.com/?l=bugtraq&m=106493686331198&w=2 
		http://www.securityfocus.com/bid/8680 

	SCO security resources:
		http://www.sco.com/support/security/index.html 

	This security fix closes SCO incidents sr882700 fz528149
	erg712383.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	SCO would like to thank 3APA3A and Vade79.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFANR6BbluZssSXDTERAkUSAKD5UpVu/XHZCLZAusCskfOW8Kc+WwCeOHzc
EdlXB2iI6iZBGoW2jFnhUFs=
=ftql
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH