lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040219220731.1974025FCD@helix.pdev.ca.sco.com>
From: please_reply_to_security at sco.com (please_reply_to_security@....com)
Subject: OpenLinux: mpg123 remote denial of service and heap-based buffer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: mpg123 remote denial of service and heap-based buffer overflow
Advisory number: 	CSSA-2004-002.0
Issue date: 		2004 February 19
Cross reference: 	sr882700 fz528149 erg712383 CAN-2003-0577 CAN-2003-0865
______________________________________________________________________________


1. Problem Description

	mpg123 0.59r allows remote attackers to cause a denial of
	service and possibly execute arbitrary code via an MP3 file
	with a zero bitrate, which creates a negative frame size. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CAN-2003-0577 to this issue. 

	Heap-based buffer overflow in readstring of httpget.c for mpg123 
	0.59r and 0.59s allows remote attackers to execute arbitrary code 
	via a long request. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2003-0865 to this issue.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to mpg123-0.59r-7MR.i386.rpm
	OpenLinux 3.1.1 Workstation	prior to mpg123-0.59r-7MR.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/RPMS

	4.2 Packages

	cb8a81f231da3c943dfaa366df68045a	mpg123-0.59r-7MR.i386.rpm

	4.3 Installation

	rpm -Fvh mpg123-0.59r-7MR.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/SRPMS

	4.5 Source Packages

	810ef880b6ad68ea7aea631241552dad	mpg123-0.59r-7MR.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-002.0/RPMS

	5.2 Packages

	13165b654404e73fe934cc13347c81b3	mpg123-0.59r-7MR.i386.rpm

	5.3 Installation

	rpm -Fvh mpg123-0.59r-7MR.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-002.0/SRPMS

	5.5 Source Packages

	98203970951e6c87d715170324a8ca2c	mpg123-0.59r-7MR.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0577
		http://www.securityfocus.com/archive/1/306903
		http://www.securityfocus.com/bid/6629
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865
		http://www.securityfocus.com/archive/1/338641
		http://marc.theaimsgroup.com/?l=bugtraq&m=106493686331198&w=2
		http://www.securityfocus.com/bid/8680

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr882700 fz528149
	erg712383.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	SCO would like to thank 3APA3A and Vade79.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFANR6BbluZssSXDTERAkUSAKD5UpVu/XHZCLZAusCskfOW8Kc+WwCeOHzc
EdlXB2iI6iZBGoW2jFnhUFs=
=ftql
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ