mpg321 Format String Flaw May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1008613
|
|
CVE Reference: CAN-2003-0969
(Links to External Site)
|
Date: Jan 6 2004
|
Impact: Execution of arbitrary code via network, User access via network
|
Description: A format string vulnerability was reported in mpg321. A remote user may be able to execute arbitrary code.
It is reported that the software passes user-supplied input to a printf(3) function call in an unsafe manner. A remote user may
be able to overwrite memory locations to execute arbitrary code.
A malicious MP3 file (or an MP3 stream via HTTP) can reportedly
trigger the flaw.
The flaw resides in 'mpg321.c'.
|
Impact: A remote user may be able to cause arbitrary code to be executed on the target user's system when the target user loads an MP3 file or stream. The code will run with the privileges of the target user.
|
Solution: No upstream solution was available at the time of this entry. Individual Linux distributions may be issuing fixes [see the Message History for updates].
|
Vendor URL: mpg321.sourceforge.net/ (Links to External Site)
|
Cause: Input validation error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Mon, 05 Jan 2004 22:33:54 -0500
Subject: CVE: CAN-2003-0969
|
CVE: CAN-2003-0969
Debian reported that there is a format string vulnerability in mpg321. The report
indicates that the software passes user-supplied input to a printf(3) function call in an
unsafe manner.
A remote user may be able to overwrite memory locations to execute arbitrary code.
A malicious MP3 file (or an MP3 stream via HTTP) can trigger the flaw, the report said.
|
|
