ID CVE-2003-0427
Summary Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
References
Vulnerable Configurations
  • cpe:2.3:a:miod_vallat:mikmod:3.1.6
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-320.NASL
    description Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15157
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15157
    title Debian DSA-320-1 : mikmod - buffer overflow
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-506.NASL
    description Updated mikmod packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. MikMod is a well known MOD music file player for UNIX-based systems. A buffer overflow bug was found in mikmod during the processing of archive filenames. An attacker could create a malicious archive that when opened by mikmod could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0427 to this issue. Users of mikmod are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21835
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21835
    title CentOS 3 / 4 : mikmod (CESA-2005:506)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-506.NASL
    description Updated mikmod packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. MikMod is a well known MOD music file player for UNIX-based systems. A buffer overflow bug was found in mikmod during the processing of archive filenames. An attacker could create a malicious archive that when opened by mikmod could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0427 to this issue. Users of mikmod are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18476
    published 2005-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18476
    title RHEL 2.1 / 3 / 4 : mikmod (RHSA-2005:506)
oval via4
  • accepted 2013-04-29T04:03:15.362-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
    family unix
    id oval:org.mitre.oval:def:10194
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
    version 24
  • accepted 2005-08-18T07:37:00.000-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    description Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
    family unix
    id oval:org.mitre.oval:def:647
    status accepted
    submitted 2005-06-20T12:00:00.000-04:00
    title mikmod Long Filename Buffer Overflow
    version 3
redhat via4
advisories
rhsa
id RHSA-2005:506
refmap via4
debian DSA-320
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 21-08-2010 - 00:16
Published 24-07-2003 - 00:00
Last modified 10-10-2017 - 21:29