Mandrake Linux Security Advisory : mpg123 (MDKSA-2004:120)

Critical Nessus Plugin ID 15600


The remote Mandrake Linux host is missing a security update.


Carlos Barros discovered two buffer overflow vulnerabilities in mpg123; the first in the getauthfromURL() function and the second in the http_open() function. These vulnerabilities could be exploited to possibly execute arbitrary code with the privileges of the user running mpg123.

The provided packages are patched to fix these issues, as well additional boundary checks that were lacking have been included (thanks to the Gentoo Linux Sound Team for these additional fixes).


Update the affected mpg123 package.

See Also

Plugin Details

Severity: Critical

ID: 15600

File Name: mandrake_MDKSA-2004-120.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/11/02

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mpg123, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/11/01

Reference Information

CVE: CVE-2004-0982

MDKSA: 2004:120