Published: 2005-01-10 00:00:00
Revised: 2008-09-10 15:29:44

[Original] Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.

[CNNVD] mpg123 playlist.c buffer overflow vulnerability (CNNVD-200501-174)

        The find_next_file function in playlist.c in mpg123 0.59r contains a buffer overflow vulnerability.

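- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system shutdown]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]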

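- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official source) MITRE
(Official source) NVD
(Official source) CNNVD

- Other links and resources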
(UNKNOWN)  XF  mpg123-findnextfile-bo(18626)

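- Vulnerability information

mpg123 playlist.c buffer overflow vulnerability
Critical  Buffer overflow
2005-01-10 00:00:00 2005-10-20 00:00:00
        The find_next_file function in playlist.c in mpg123 0.59r contains a buffer overflow vulnerability.

- Advisories and patches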


- Vulnerability information

mpg123 find_next_file() Function Playlist Overflow
Context Dependent Input Manipulation
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

mpg123 contains an overflow condition in the handling of playlists. The issue is due to the 'find_next_file()' function not validating user-supplied input. With a specially crafted playlist, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

- Timeline

2004-12-16 Unknown
Unknown 2007-02-07

- Solution

It has been reported that this issue has been fixed. Upgrade to version 0.65, or higher, to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

MPG123 Find Next File Remote Client-Side Buffer Overflow Vulnerability
Boundary Condition Error 11958
Yes No
2004-12-15 12:00:00 2009-07-12 09:26:00
Bartlomiej Sieka is credited with the discovery of this issue.

- Affected software versions

S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
mpg123 mpg123 0.59 r
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4
+ Gentoo Linux
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
mpg123 mpg123 0.59 q
mpg123 mpg123 0.59 p
mpg123 mpg123 0.59 o
mpg123 mpg123 0.59 n
mpg123 mpg123 0.59 m
mpg123 mpg123 pre0.59s

- Discussion

A remote client-side buffer overflow vulnerability affects mpg123. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

- Exploit

An exploit has been made publicly available. The following file reportedly creates a file titled 'EXPLOIT' in the current directory of the application. This proof of concept has not been verified by Symantec.

- Solution

Gentoo has released an advisory to provide updates for this issue. Updates may be applied by running the following commands as the superuser:

emerge --sync
emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r8"

SuSE Linux has released a summary report (SUSE-SR:2005:001) advising that this as well as other issues have been resolved. Please see the referenced advisory for more information.

mpg123 mpg123 pre0.59s

- Related references