Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:DL:MPG123-HEAP-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 MPG123 Streaming Audio Heap Overflow

Release Date

 2003/10/01

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: MPG123 Streaming Audio Heap Overflow


This signature detects attempts to exploit a malicious server response to a streaming audio request from a mpg123 client; mpg123 versions 0.59r and 0.59s are vulnerable. Attackers can execute arbitrary commands on the client.

Extended Description

A problem in the handling of some types of remote files has been reported in mpg123. Because of this, it may be possible for a remote attacker to execute arbitrary code with the privileges of the mpg123 user.

Affected Products

  • Mandriva Corporate Server 2.1.0
  • Mandriva Corporate Server 2.1.0 X86 64
  • Mandriva Linux Mandrake 10.0.0
  • Mandriva Linux Mandrake 10.0.0 amd64
  • Mandriva Linux Mandrake 9.2.0
  • Mandriva Linux Mandrake 9.2.0 amd64
  • mpg123 0.59.0 r
  • mpg123 0.59.0 s

References

  • BugTraq: 8680
  • CVE: CVE-2003-0865
  • URL: http://www.security.nnov.ru/search/news.asp?binid=3136

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out