FreeBSD Local Security Checks : FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.52330

Category: FreeBSD Local Security Checks

Title: FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound

Summary: FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound

Description: The remote host is missing an update to the system
as announced in the referenced advisory.

The following packages are affected:
mpg123
mpg123-nas
mpg123-esound

CVE-2004-0982
Buffer overflow in the getauthfromURL function in httpget.c in mpg123
pre0.59s and mpg123 0.59r could allow remote attackers or local users
to execute arbitrary code via an mp3 file that contains a long string
before the @ (at sign) in a URL.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://marc.theaimsgroup.com/?l=bugtraq&m=109834486312407
http://www.vuxml.org/freebsd/20d16518-2477-11d9-814e-0001020eed82.html

Cross-Ref: BugTraq ID: 11468
Common Vulnerability Exposure (CVE) ID: CVE-2004-0982
Bugtraq: 20041019 mpg123 "getauthfromurl" buffer overflow (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=109834486312407&w=2
http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt
Debian Security Information: DSA-578 (Google Search)
http://www.debian.org/security/2004/dsa-578
http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml
http://www.securityfocus.com/bid/11468
http://www.osvdb.org/11023
http://securitytracker.com/id?1011832
http://secunia.com/advisories/12908
XForce ISS Database: mpg123-getauthfromurl-bo(17574)
http://xforce.iss.net/xforce/xfdb/17574

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.52330
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound
Summary:	FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound
Description:	The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: mpg123 mpg123-nas mpg123-esound CVE-2004-0982 Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL. Solution: Update your system with the appropriate patches or software upgrades. http://marc.theaimsgroup.com/?l=bugtraq&m=109834486312407 http://www.vuxml.org/freebsd/20d16518-2477-11d9-814e-0001020eed82.html
Cross-Ref:	BugTraq ID: 11468 Common Vulnerability Exposure (CVE) ID: CVE-2004-0982 Bugtraq: 20041019 mpg123 "getauthfromurl" buffer overflow (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=109834486312407&w=2 http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt Debian Security Information: DSA-578 (Google Search) http://www.debian.org/security/2004/dsa-578 http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml http://www.securityfocus.com/bid/11468 http://www.osvdb.org/11023 http://securitytracker.com/id?1011832 http://secunia.com/advisories/12908 XForce ISS Database: mpg123-getauthfromurl-bo(17574) http://xforce.iss.net/xforce/xfdb/17574
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com