[MBT] new ticket for pkg mpg123 "Remoe execution of arbitary code"
bugs at pld-linux.org
bugs at pld-linux.org
Wed Jan 28 18:12:30 CET 2004
Date: 2004-01-28 18:12:29+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Remoe execution of arbitary code
Ticket ID: #825
Ticket URL: http://bugs.pld-linux.org/?bug=825
Package: mpg123-3:0.59s-0.pre.1
Distribution: PLD-1.0.updates.general
Category: security problem
Current state: opened
Text:
See CAN 2003-865:
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
Solution:
http://www.securityfocus.com/bid/8680/solution/
Exploit:
fakehalo.deadpig.org/xmpg123.c
More information about the pld-bugs
mailing list