Test ID:	1.3.6.1.4.1.25623.1.0.53270
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-578-1)
Summary:	The remote host is missing an update for the Debian 'mpg123' package(s) announced via the DSA-578-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'mpg123' package(s) announced via the DSA-578-1 advisory. Vulnerability Insight: Carlos Barros has discovered a buffer overflow in the HTTP authentication routine of mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. If a user opened a malicious playlist or URL, an attacker might execute arbitrary code with the rights of the calling user. For the stable distribution (woody) this problem has been fixed in version 0.59r-13woody4. For the unstable distribution (sid) this problem has been fixed in version 0.59r-17. We recommend that you upgrade your mpg123 package. Affected Software/OS: 'mpg123' package(s) on Debian 3.0. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0982 BugTraq ID: 11468 http://www.securityfocus.com/bid/11468 Bugtraq: 20041019 mpg123 "getauthfromurl" buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=109834486312407&w=2 Debian Security Information: DSA-578 (Google Search) http://www.debian.org/security/2004/dsa-578 http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt http://www.osvdb.org/11023 http://securitytracker.com/id?1011832 http://secunia.com/advisories/12908 XForce ISS Database: mpg123-getauthfromurl-bo(17574) https://exchange.xforce.ibmcloud.com/vulnerabilities/17574
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.