Vulnerability Bulletins |
Desbordamiento de búfer en mpg123 |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | mpg123 |
Description |
|
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en mpg123. La vulnerabilidad reside en la falta de validación de entrada a la hora de tratar archivos MP3. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante archivos MP3 especialmente diseñados que la víctima debe intentar reproducir. |
|
Solution |
|
|
Actualización de software Debian Linux Debian Linux 3.1 Source http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1.dsc http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1.diff.gz http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r.orig.tar.gz Alpha architecture: http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_alpha.deb http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_alpha.deb ARM architecture: http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_arm.deb Intel IA-32 architecture: http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_i386.deb http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_i386.deb http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0.59r-20sarge1_i386.deb http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-20sarge1_i386.deb http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i486_0.59r-20sarge1_i386.deb HP Precision architecture: http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_hppa.deb Motorola 680x0 architecture: http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_m68k.deb PowerPC architecture: http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_powerpc.deb http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_powerpc.deb Sun Sparc http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_sparc.deb Mandriva Linux Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/mpg123-0.59r-22.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/mpg123-0.59r-22.3.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/mpg123-0.59r-22.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/mpg123-0.59r-22.3.C30mdk.src.rpm Mandrivalinux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/mpg123-0.59r-23.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/mpg123-0.59r-23.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/mpg123-0.59r-23.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/mpg123-0.59r-23.1.20060mdk.src.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-1655 |
| BID | 17365 |
Other resources |
|
|
Debian Security Advisory DSA 1074-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00160.html Mandriva Security Advisory MDKSA-2006:092 http://www.mandriva.com/security/advisories?name=MDKSA-2006:092 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-05-25 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2006:092) | 2006-05-29 |