Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 mpg123 Buffer Overflow in getauthformURL() May Let Remote Users Execute Arbitrary Code
Categorie: Vulnerability
Posted: 2004-10-22 by ReCall
Views: 455
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A buffer overflow vulnerability was reported in mpg123 in getauthformURL(). A remote user may be able to execute arbitrary code on the target user's system.

Carlos Barros reported that getauthfromURL() contains an overflow in the processing of the 'httpauth1' variable. A remote user can create a specially crafted playlist that, when processed by the target user, may execute arbitrary code on the target user's system.

A demonstration exploit URL format is provided:

http://AAAAAAAAAAAAAA...AAAAA@www.somesite.com/somefile.xxx,

It is reported that the http_open() function also contains a buffer overflow that allows a local user to execute arbitrary code.

The vendor was notified on October 10, 2004, without response.

Impact: A remote user may be able to execute arbitrary code on the target user's system with the privileges of the target user.

Solution: No solution was available at the time of this entry.
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1036

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES