Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| mpg123 Buffer Overflow In Reading Remote Strings Lets Remote Users Execute Arbitrary Code |
|---|
Categorie: Vulnerability
Posted: 2003-09-26 by ReCall
Views: 370
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A buffer overflow vulnerability was reported in the mpg123 audio player. A remote user can supply a specially crafted audio stream that will execute arbitrary code on the player.
vade79/v9 reported that the flaw resides in the readstring() function in 'httpget.c' and can be triggered when reading strings from a remote streaming audio server. According to the report, a variable size buffer is written into a 1024 byte buffer without regards to the size of the destination buffer.
A demonstration exploit is available here:http://fakehalo.deadpig.org/xmpg123.c
Impact: A remote user with a malicious streaming audio server can execute arbitrary code on the connected player. The code will run with the privileges of the user running the mpg123 application.
Solution: No solution was available at the time of this entry.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=471
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
