Test ID:	1.3.6.1.4.1.25623.1.0.53254
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 564-1 (mpg123)
Summary:	The remote host is missing an update to mpg123;announced via advisory DSA 564-1.
Description:	Summary: The remote host is missing an update to mpg123 announced via advisory DSA 564-1. Vulnerability Insight: Davide Del Vecchio discovered a vulnerability mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. A malicious MPEG layer 2/3 file could cause the header checks in mpg123 to fail, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123. For the stable distribution (woody) this problem has been fixed in version 0.59r-13woody3. For the unstable distribution (sid) this problem has been fixed in version 0.59r-16. Solution: We recommend that you upgrade your mpg123 package. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0805 BugTraq ID: 11121 http://www.securityfocus.com/bid/11121 Bugtraq: 20040916 mpg123 buffer overflow vulnerability (Google Search) http://www.securityfocus.com/archive/1/374433 Debian Security Information: DSA-564 (Google Search) http://www.debian.org/security/2004/dsa-564 http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026151.html http://www.gentoo.org/security/en/glsa/glsa-200409-20.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:100 http://www.alighieri.org/advisories/advisory-mpg123.txt XForce ISS Database: mpg123-layer2c-bo(17287) https://exchange.xforce.ibmcloud.com/vulnerabilities/17287
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.