ID CVE-2004-0805
Summary Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
References
Vulnerable Configurations
  • cpe:2.3:a:mpg123:mpg123:0.59r
    cpe:2.3:a:mpg123:mpg123:0.59r
  • cpe:2.3:a:mpg123:mpg123:0.59s
    cpe:2.3:a:mpg123:mpg123:0.59s
  • MandrakeSoft Mandrake Linux 10.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
  • MandrakeSoft Mandrake Linux 9.2
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:-:amd64
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:-:amd64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:-:x86_64
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:-:x86_64
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-100.NASL
    description A vulnerability in mpg123 was discovered by Davide Del Vecchio where certain malicious mpg3/2 files would cause mpg123 to fail header checks, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123 (CVE-2004-0805). As well, an older vulnerability in mpg123, where a response from a remote HTTP server could overflow a buffer allocated on the heap, is also fixed in these packages. This vulnerability could also potentially permit the execution of arbitrary code with the privileges of the user running mpg123 (CVE-2003-0865).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14794
    published 2004-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14794
    title Mandrake Linux Security Advisory : mpg123 (MDKSA-2004:100)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_MPG123_059_14.NASL
    description The following package needs to be updated: mpg123-esound
    last seen 2016-09-26
    modified 2004-09-14
    plugin id 14721
    published 2004-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14721
    title FreeBSD : mpg123 buffer overflow (119)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_15E0E96302ED11D9A20900061BC2AD93.NASL
    description The mpg123 software version 0.59r contains a buffer overflow vulnerability which may permit the execution of arbitrary code as the owner of the mpg123 process.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36791
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36791
    title FreeBSD : mpg123 buffer overflow (15e0e963-02ed-11d9-a209-00061bc2ad93)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-564.NASL
    description Davide Del Vecchio discovered a vulnerability in mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. A malicious MPEG layer 2/3 file could cause the header checks in mpg123 to fail, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15662
    published 2004-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15662
    title Debian DSA-564-1 : mpg123 - missing user input sanitising
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200409-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200409-20 (mpg123: Buffer overflow vulnerability) mpg123 contains a buffer overflow in the code that handles layer2 decoding of media files. Impact : An attacker can possibly exploit this bug with a specially crafted mp3 or mp2 file to execute arbitrary code with the permissions of the user running mpg123. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 14747
    published 2004-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14747
    title GLSA-200409-20 : mpg123: Buffer overflow vulnerability
refmap via4
bid 11121
bugtraq 20040916 mpg123 buffer overflow vulnerability
debian DSA-564
fulldisc 20040907 mpg123 buffer overflow vulnerability
gentoo GLSA-200409-20
mandrake MDKSA-2004:100
misc http://www.alighieri.org/advisories/advisory-mpg123.txt
xf mpg123-layer2c-bo(17287)
Last major update 07-12-2016 - 21:59
Published 23-12-2004 - 00:00
Last modified 10-07-2017 - 21:30
Back to Top