FreeBSD : mpg123 -- buffer overflow in URL handling (20d16518-2477-11d9-814e-0001020eed82)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Carlos Barros reports that mpg123 contains two buffer overflows. These
vulnerabilities can potentially lead to execution of arbitrary code.

The first buffer overflow can occur when mpg123 parses a URL with a
user-name/password field that is more than 256 characters long. This
problem can be triggered either locally or remotely via a specially
crafted play list. The second potential buffer overflow may be
triggered locally by a specially crafted symlink to the mpg123 binary.
This problem is not as serious, since mpg123 is not installed setuid
by default.

See also :

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18866 (freebsd_pkg_20d16518247711d9814e0001020eed82.nasl)

Bugtraq ID: 11468

CVE ID: CVE-2004-0982

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now