MPG123畸形MP3文件缓冲区溢出漏洞

漏洞信息详情

MPG123畸形MP3文件缓冲区溢出漏洞

• CNNVD编号：CNNVD-200604-067
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2006-1655
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2006-04-06
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-28
  
• 厂        商：
  
  mpg123
• 漏洞来源：
  Nitrous nitrous@co…

mpg123是软件开发者Michael Hipp所研发的一款使用于Linux和Unix操作系统下的MPEG音频播放器和解码库。

mpg123在处理MPEG 2.0的3层文件时，layer3.c的III_i_stereo()函数中存在缓冲区溢出漏洞，攻击者可能利用此漏洞执行任意指令。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

mpg123 mpg123 0.59 r

Debian mpg123-esd_0.59r-20sarge1_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-20sarge1_alpha.deb

Debian mpg123-esd_0.59r-20sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-20sarge1_i386.deb

Debian mpg123-esd_0.59r-20sarge1_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-20sarge1_powerpc.deb

Debian mpg123-nas_0.59r-20sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0 .59r-20sarge1_i386.deb

Debian mpg123-oss-3dnow_0.59r-20sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3 dnow_0.59r-20sarge1_i386.deb

Debian mpg123-oss-i486_0.59r-20sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i 486_0.59r-20sarge1_i386.deb

Debian mpg123_0.59r-20sarge1_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_alpha.deb

Debian mpg123_0.59r-20sarge1_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_arm.deb

Debian mpg123_0.59r-20sarge1_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_hppa.deb

Debian mpg123_0.59r-20sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_i386.deb

Debian mpg123_0.59r-20sarge1_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_m68k.deb

Debian mpg123_0.59r-20sarge1_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_powerpc.deb

Debian mpg123_0.59r-20sarge1_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_sparc.deb

Mandriva mpg123-0.59r-22.3.C30mdk.i586.rpm

Mandriva Linux 2006.0:

http://www.mandriva.com/en/download

Mandriva mpg123-0.59r-22.3.C30mdk.src.rpm

Mandriva Linux 2006.0:

http://www.mandriva.com/en/download

Mandriva mpg123-0.59r-22.3.C30mdk.x86_64.rpm

Mandriva Linux 2006.0:

http://www.mandriva.com/en/download

Mandriva mpg123-0.59r-23.1.20060mdk.i586.rpm

Mandriva Linux 2006.0:

http://www.mandriva.com/en/download

Mandriva mpg123-0.59r-23.1.20060mdk.src.rpm

Mandriva Linux 2006.0:

http://www.mandriva.com/en/download

Mandriva mpg123-0.59r-23.1.20060mdk.x86_64.rpm

Mandriva Linux 2006.0:

http://www.mandriva.com/en/download

来源: BID

名称: 17365

链接:http://www.securityfocus.com/bid/17365

来源: DEBIAN

名称: DSA-1074

链接:http://www.debian.org/security/2006/dsa-1074

来源: SECUNIA

名称: 20281

链接:http://secunia.com/advisories/20281

来源: SECUNIA

名称: 20275

链接:http://secunia.com/advisories/20275

来源: SECUNIA

名称: 20240

链接:http://secunia.com/advisories/20240

来源: MANDRIVA

名称: MDKSA-2006:092

链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:092

来源: MISC

链接:http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl

来源: MANDRIVA

名称: MDKSA-2006:092

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:092