CVE-2004-0805
CVSS7.5
Published: 2004-12-23 00:00:00
Revised: 2016-12-07 21:59:31

[Original] Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.


[CNNVD] mpg123 Remote Buffer Overflow Vulnerability (CNNVD-200412-087)

        
        mpg123 is an MP3 player for Linux and Unix operating systems.
        mpg123 mishandles malformed MP3/MP2 files; a remote attacker can exploit this vulnerability to execute arbitrary instructions on the system with the privileges of the process.
        Because the header of a specially crafted MP3/MP2 file is not properly bounds-checked, an attacker can construct a malicious URL and lure mpg123 into parsing it, causing a buffer overflow; carefully constructed header data may execute arbitrary instructions on the system with the privileges of the process.
        

- CVSS (Base Score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/o:mandrakesoft:mandrake_linux:9.2  MandrakeSoft Mandrake Linux 9.2
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1  MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
cpe:/a:mpg123:mpg123:0.59s
cpe:/a:mpg123:mpg123:0.59r
cpe:/o:mandrakesoft:mandrake_linux:10.0  MandrakeSoft Mandrake Linux 10.0

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0805
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0805
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-087
(Official data source) CNNVD

- Other links and resources

http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026151.html
(UNKNOWN)  FULLDISC  20040907 mpg123 buffer overflow vulnerability
http://www.alighieri.org/advisories/advisory-mpg123.txt
(UNKNOWN)  MISC  http://www.alighieri.org/advisories/advisory-mpg123.txt
http://www.debian.org/security/2004/dsa-564
(VENDOR_ADVISORY)  DEBIAN  DSA-564
http://www.gentoo.org/security/en/glsa/glsa-200409-20.xml
(UNKNOWN)  GENTOO  GLSA-200409-20
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:100
(UNKNOWN)  MANDRAKE  MDKSA-2004:100
http://www.securityfocus.com/archive/1/374433
(UNKNOWN)  BUGTRAQ  20040916 mpg123 buffer overflow vulnerability
http://www.securityfocus.com/bid/11121
(UNKNOWN)  BID  11121
http://xforce.iss.net/xforce/xfdb/17287
(VENDOR_ADVISORY)  XF  mpg123-layer2c-bo(17287)

- Vulnerability information

mpg123 Remote Buffer Overflow Vulnerability
High risk  Boundary condition error
2004-12-23 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patch:
        mpg123
        ------
        The following patch can be applied:
        Index: layer2.c
        ===================================================================
        RCS file: /home/kobras/cvsroot/debian/mpg123/layer2.c,v
        retrieving revision 1.1.1.1
        diff -u -r1.1.1.1 layer2.c
         --- layer2.c 1999/02/10 12:13:06 1.1.1.1
        +++ layer2.c 2004/09/02 21:43:58
        @@ -265,6 +265,11 @@
         fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
         (fr->mode_ext<<2)+4 : fr->II_sblimit;
        + if (fr->jsbound > fr->II_sblimit) {
        + fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
        + fr->jsbound=fr->II_sblimit;
        + }
        +
         if(stereo == 1 || single == 3)
         single = 0;
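Review bot: the clamp at `if (fr->jsbound > fr->II_sblimit)` keeps decoding a frame whose header is inconsistent by definition (a joint-stereo boundary that lies beyond the subband limit); consider treating that as a header error and skipping the frame rather than continuing with a truncated boundary, so that a malformed stream fails validation instead of being partially decoded. The `fprintf(stderr, ...)` also fires once per affected frame, which can flood the terminal on a long stream; either rate-limit it or print it only in verbose mode.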

- Vulnerability information (F34297)

mpg123overflow.txt (PacketStormID:F34297)
2004-09-10 00:00:00
Davide Del Vecchio  alighieri.org
advisory,arbitrary
CVE-2004-0805

A maliciously formatted mp3/mp2 file causes mpg123 to fail its header checks; this may allow arbitrary code to be executed with the privileges of the user trying to play the file. Versions affected: mpg123-0.59r and maybe mpg123-0.59s.

=======================================================
 mpg123-0.59r buffer overflow vulnerability
======================================================= 

Davide Del Vecchio Adv#10 

Discovered in: 16/08/2003
Date: 06/09/2003
Version affected: mpg123-0.59r and maybe mpg123-0.59s
CVE: CAN-2004-0805 

Tested and verified on Linux debian SID and OpenBSD.
The same vulnerable code is also present in the development
version 0.59s, but new and unrelated header checks have prevented the
test case for 0.59r from crashing this version as well. A more
carefully crafted file might hit the vulnerability on 0.59s as well. 

It should affect almost every OS with mpg123 package installed. 


Description: 

 mpg123 reads one or more files (or standard input if     

- Vulnerability information

9748
mpg123 layer2.c Header Remote Overflow
Context Dependent; Input Manipulation
Loss of Integrity; Third-Party Solution
Exploit Unknown; Third-party Verified

- Vulnerability description

mpg123 contains an overflow condition in the handling of MP2 or MP3 files. The issue is due to the 'do_layer()' function in layer2.c not validating user-supplied input. With a specially crafted MP2 or MP3 file, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.
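The following C program is an added example; it is not code from this page or from mpg123. It models only the two header fields (mode and mode extension) and the subband limit that the layer2.c patch above compares, with the constant values and the subband-limit value of 8 chosen for the example. It shows why the unchecked stereo boundary, which for joint stereo is 4, 8, 12 or 16 depending only on the 2-bit mode extension, can exceed a small subband limit, how many table indices a per-subband loop would then drive past the end of a table sized by that limit, the clamp the vendor patch applies, and a stricter variant that rejects such a frame header outright.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constant names follow the patch; the values are assumptions for this
   constructed example, not taken from mpg123's headers. */
#define MPG_MD_JOINT_STEREO 1
#define SBLIMIT 32                 /* upper bound on Layer II subbands */

/* Frame descriptor with only the fields the patch touches. */
struct frame {
    int mode;        /* 2-bit header 'mode' field, 0..3 */
    int mode_ext;    /* 2-bit header 'mode extension' field, 0..3 */
    int II_sblimit;  /* subband limit selected by the bit-rate/sample-rate table */
};

/* Pre-patch formula from the hunk: for joint stereo the boundary is derived
   from mode_ext alone (4, 8, 12 or 16) and is never compared with II_sblimit. */
int jsbound_unchecked(const struct frame *fr)
{
    return (fr->mode == MPG_MD_JOINT_STEREO) ? (fr->mode_ext << 2) + 4
                                             : fr->II_sblimit;
}

/* Patched behaviour: clamp the boundary to the subband limit. */
int jsbound_clamped(const struct frame *fr)
{
    int jsbound = jsbound_unchecked(fr);
    if (jsbound > fr->II_sblimit)
        jsbound = fr->II_sblimit;   /* "Truncating stereo boundary to sideband limit." */
    return jsbound;
}

/* Stricter alternative (not what the vendor patch does): treat an
   inconsistent header as invalid and refuse the frame instead of decoding
   it with a truncated boundary. */
bool frame_header_valid(const struct frame *fr)
{
    if (fr->mode < 0 || fr->mode > 3 || fr->mode_ext < 0 || fr->mode_ext > 3)
        return false;
    if (fr->II_sblimit < 1 || fr->II_sblimit > SBLIMIT)
        return false;
    return jsbound_unchecked(fr) <= fr->II_sblimit;
}

/* Stand-in for a per-subband loop that indexes a table of II_sblimit entries
   for i in [0, jsbound). Returns how many indices fall outside the table,
   which is what an unchecked boundary lets a crafted header control. */
int out_of_bounds_indices(int jsbound, int sblimit)
{
    int bad = 0;
    for (int i = 0; i < jsbound; i++)
        if (i >= sblimit)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed header: joint stereo with a subband limit of 8, one of the
       small limits used for low bit rates in the Layer II tables. */
    struct frame fr = { .mode = MPG_MD_JOINT_STEREO, .mode_ext = 0, .II_sblimit = 8 };

    printf("mode_ext  unchecked  clamped  oob-indices  header-valid\n");
    for (fr.mode_ext = 0; fr.mode_ext <= 3; fr.mode_ext++) {
        int raw = jsbound_unchecked(&fr);
        printf("   %d        %2d        %2d        %2d          %s\n",
               fr.mode_ext, raw, jsbound_clamped(&fr),
               out_of_bounds_indices(raw, fr.II_sblimit),
               frame_header_valid(&fr) ? "yes" : "no");
    }
    return 0;
}
```

With a subband limit of 8, mode extensions 2 and 3 give boundaries of 12 and 16, so a loop bounded by the raw value would touch 4 and 8 entries past the end of the table; the clamp reduces both to 8, and the strict check rejects both headers.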

- Timeline

2004-09-06 2003-08-16
Unknown Unknown

- Solution

Multiple vendors have released a patch to address this vulnerability. Check the vendor advisory, changelog, or solution in the references section for details.

- Vulnerability information

MPG123 Remote Stereo Boundary Buffer Overflow Vulnerability
Boundary Condition Error  BID 11121
Remote: Yes  Local: No
Published: 2004-09-07 12:00:00  Updated: 2009-07-12 07:06:00
Discovery of this issue is credited to "Davide Del Vecchio" <dante@alighieri.org>.

- Affected program versions

mpg123 mpg123 0.59 s
+ Gentoo Linux
mpg123 mpg123 0.59 r
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4
+ Gentoo Linux
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1

- Vulnerability discussion

Reportedly mpg123 is affected by a remote stereo boundary buffer overflow vulnerability. This issue is due to a failure of the application to properly validate user-supplied string sizes prior to copying them into process buffers.

This issue will allow a malicious user to manipulate process memory ultimately leading to arbitrary code execution in the context of the user that started the vulnerable application.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

Gentoo has released updates to this issue that may be applied with the following commands:
emerge sync
emerge -pv ">=media-sound/mpg123-0.59s-r4"
emerge ">=media-sound/mpg123-0.59s-r4"

Mandrake Linux has released advisory MDKSA-2004:100 along with fixes to address this issue. Please see the referenced advisory for further information.

Debian has released advisory DSA 564-1 to address this issue. Please see the attached advisory for information on obtaining and applying fixes.



About the SCAP Chinese Community

The SCAP Chinese Community is the first Chinese open community devoted to SCAP. For more information, see [About this site]

Copyright notice

CVE/CWE/OVAL are registered trademarks of the MITRE Corporation; their official data sources are kept on MITRE's websites