OpenLinux: mpg123 remote denial of service and heap-based buffer overflow

please_reply_to_security_at_sco.com
Date: 02/19/04

  • Next message: please_reply_to_security_at_sco.com: "OpenLinux: Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2"
    To: announce@lists.caldera.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, security-alerts@linuxsecurity.com
    Date: Thu, 19 Feb 2004 14:07:31 -0800 (PST)
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ______________________________________________________________________________

                            SCO Security Advisory

    Subject: OpenLinux: mpg123 remote denial of service and heap-based buffer overflow
    Advisory number: CSSA-2004-002.0
    Issue date: 2004 February 19
    Cross reference: sr882700 fz528149 erg712383 CAN-2003-0577 CAN-2003-0865
    ______________________________________________________________________________

    1. Problem Description

            mpg123 0.59r allows remote attackers to cause a denial of
            service and possibly execute arbitrary code via an MP3 file
            with a zero bitrate, which creates a negative frame size.

            The Common Vulnerabilities and Exposures project (cve.mitre.org)
            has assigned the name CAN-2003-0577 to this issue.

            Heap-based buffer overflow in readstring of httpget.c for mpg123
            0.59r and 0.59s allows remote attackers to execute arbitrary code
            via a long request.

            The Common Vulnerabilities and Exposures project (cve.mitre.org)
            has assigned the name CAN-2003-0865 to this issue.

    2. Vulnerable Supported Versions

            System Package
            ----------------------------------------------------------------------
            OpenLinux 3.1.1 Server prior to mpg123-0.59r-7MR.i386.rpm
            OpenLinux 3.1.1 Workstation prior to mpg123-0.59r-7MR.i386.rpm

    3. Solution

            The proper solution is to install the latest packages. Many
            customers find it easier to use the Caldera System Updater, called
            cupdate (or kcupdate under the KDE environment), to update these
            packages rather than downloading and installing them by hand.

    4. OpenLinux 3.1.1 Server

            4.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/RPMS

            4.2 Packages

            cb8a81f231da3c943dfaa366df68045a mpg123-0.59r-7MR.i386.rpm

            4.3 Installation

            rpm -Fvh mpg123-0.59r-7MR.i386.rpm

            4.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/SRPMS

            4.5 Source Packages

            810ef880b6ad68ea7aea631241552dad mpg123-0.59r-7MR.src.rpm

    5. OpenLinux 3.1.1 Workstation

            5.1 Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-002.0/RPMS

            5.2 Packages

            13165b654404e73fe934cc13347c81b3 mpg123-0.59r-7MR.i386.rpm

            5.3 Installation

            rpm -Fvh mpg123-0.59r-7MR.i386.rpm

            5.4 Source Package Location

            ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-002.0/SRPMS

            5.5 Source Packages

            98203970951e6c87d715170324a8ca2c mpg123-0.59r-7MR.src.rpm

    6. References

            Specific references for this advisory:
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0577
                    http://www.securityfocus.com/archive/1/306903
                    http://www.securityfocus.com/bid/6629
                    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865
                    http://www.securityfocus.com/archive/1/338641
                    http://marc.theaimsgroup.com/?l=bugtraq&m=106493686331198&w=2
                    http://www.securityfocus.com/bid/8680

            SCO security resources:
                    http://www.sco.com/support/security/index.html

            This security fix closes SCO incidents sr882700 fz528149
            erg712383.

    7. Disclaimer

            SCO is not responsible for the misuse of any of the information
            we provide on this website and/or through our security
            advisories. Our advisories are a service to our customers intended
            to promote secure installation and use of SCO products.

    8. Acknowledgements

            SCO would like to thank 3APA3A and Vade79.
    ______________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

    iD8DBQFANR6BbluZssSXDTERAkUSAKD5UpVu/XHZCLZAusCskfOW8Kc+WwCeOHzc
    EdlXB2iI6iZBGoW2jFnhUFs=
    =ftql
    -----END PGP SIGNATURE-----


  • Next message: please_reply_to_security_at_sco.com: "OpenLinux: Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2"

    Relevant Pages