CVE-2006-1655
CVSS 6.5
Published: 2006-04-06 06:04:00
Last revised: 2010-04-02 03:23:54

[Original] Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.


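[CNNVD] MPG123 Malformed MP3 File Buffer Overflow Vulnerability (CNNVD-200604-067)

        mpg123 is an MP3 player for Linux and Unix operating systems.
        When processing MPEG 2.0 layer 3 files, mpg123 has a buffer overflow in the III_i_stereo() function of layer3.c; an attacker may exploit this vulnerability to execute arbitrary instructions.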

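- CVSS (base score)

CVSS score: 6.5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: [--]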

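- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links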

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1655
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1655
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-067
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/17365
(UNKNOWN)  BID  17365
http://www.debian.org/security/2006/dsa-1074
(UNKNOWN)  DEBIAN  DSA-1074
http://secunia.com/advisories/20281
(UNKNOWN)  SECUNIA  20281
http://secunia.com/advisories/20275
(UNKNOWN)  SECUNIA  20275
http://secunia.com/advisories/20240
(UNKNOWN)  SECUNIA  20240
http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl
(UNKNOWN)  MISC  http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl
http://www.mandriva.com/security/advisories?name=MDKSA-2006:092
(UNKNOWN)  MANDRIVA  MDKSA-2006:092

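- Vulnerability information

MPG123 Malformed MP3 File Buffer Overflow Vulnerability
Medium severity  Buffer overflow
2006-04-06 00:00:00 2006-08-28 00:00:00
Remote
        mpg123 is an MP3 player for Linux and Unix operating systems.
        When processing MPEG 2.0 layer 3 files, mpg123 has a buffer overflow in the III_i_stereo() function of layer3.c; an attacker may exploit this vulnerability to execute arbitrary instructions.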

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links:
        mpg123 mpg123 0.59 r
        Debian mpg123-esd_0.59r-20sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_alpha.deb
        Debian mpg123-esd_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_i386.deb
        Debian mpg123-esd_0.59r-20sarge1_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_powerpc.deb
        Debian mpg123-nas_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0.59r-20sarge1_i386.deb
        Debian mpg123-oss-3dnow_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-20sarge1_i386.deb
        Debian mpg123-oss-i486_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i486_0.59r-20sarge1_i386.deb
        Debian mpg123_0.59r-20sarge1_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_alpha.deb
        Debian mpg123_0.59r-20sarge1_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_arm.deb
        Debian mpg123_0.59r-20sarge1_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_hppa.deb
        Debian mpg123_0.59r-20sarge1_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_i386.deb
        Debian mpg123_0.59r-20sarge1_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_m68k.deb
        Debian mpg123_0.59r-20sarge1_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_powerpc.deb
        Debian mpg123_0.59r-20sarge1_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_sparc.deb
        Mandriva mpg123-0.59r-22.3.C30mdk.i586.rpm
        Mandriva Linux 2006.0:
        http://www.mandriva.com/en/download
        Mandriva mpg123-0.59r-22.3.C30mdk.src.rpm
        Mandriva Linux 2006.0:
        http://www.mandriva.com/en/download
        Mandriva mpg123-0.59r-22.3.C30mdk.x86_64.rpm
        Mandriva Linux 2006.0:
        http://www.mandriva.com/en/download
        Mandriva mpg123-0.59r-23.1.20060mdk.i586.rpm
        Mandriva Linux 2006.0:
        http://www.mandriva.com/en/download
        Mandriva mpg123-0.59r-23.1.20060mdk.src.rpm
        Mandriva Linux 2006.0:
        http://www.mandriva.com/en/download
        Mandriva mpg123-0.59r-23.1.20060mdk.x86_64.rpm
        Mandriva Linux 2006.0:
        http://www.mandriva.com/en/download
        

- Vulnerability information

25835
mpg123 III_i_stereo() Function Overflow
Context Dependent Input Manipulation
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

mpg123 contains an overflow condition in the handling of MPEG 2.0 layer 3 files. The issue is due to the 'III_i_stereo()' function in layer3.c not validating user-supplied input. With a specially crafted MPEG 2.0 layer 3 file, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

- Timeline

2006-05-25 Unknown
Unknown 2007-01-14

- Solution

It has been reported that this issue has been fixed. Upgrade to version 0.63, or higher, to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

MPG123 Malformed MP3 File Memory Corruption Vulnerability
Boundary Condition Error 17365
Yes No
2006-04-03 12:00:00 2006-11-29 01:09:00
Discovery is credited to Nitrous <nitrous@conthackto.com.mx>

- Affected program versions

mpg123 mpg123 0.59 r
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4
+ Gentoo Linux
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- Vulnerability discussion

The mpg123 application is prone to a memory-corruption vulnerability related to the handling of MP3 streams.

An attacker may be able to exploit this vulnerability to execute arbitrary code in the context of the user running the player, but this has not been confirmed.

This issue may be related to the one described in BID 12218 (MPG123 Layer 2 Frame Header Heap Overflow Vulnerability).

- Exploit

A proof-of-concept denial-of-service exploit is available.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

Please see the references for third-party vendor advisories and fixes.


mpg123 mpg123 0.59 r

- Related references

 

 
