• info
• discussion
• exploit
• solution
• references

MPG123 Remote Stereo Boundary Buffer Overflow Vulnerability

Solution:
Gentoo has released updates to this issue that may be applied with the following commands:
emerge sync
emerge -pv ">=media-sound/mpg123-0.59s-r4"
emerge ">=media-sound/mpg123-0.59s-r4"

Mandrake Linux has released advisory MDKSA-2004:100 along with fixes to address this issue. Please see the referenced advisory for further information.

Debian has released advisory DSA 564-1 to address this issue. Please see the attached advisory for information on obtaining and applying fixes.


mpg123 mpg123 0.59 r

• Debian mpg123-esd_0.59r-13woody3_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-13woody3_i386.deb


• Debian mpg123-esd_0.59r-13woody3_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-13woody3_powerpc.deb


• Debian mpg123-nas_0.59r-13woody3_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0 .59r-13woody3_i386.deb


• Debian mpg123-oss-3dnow_0.59r-13woody3_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3 dnow_0.59r-13woody3_i386.deb


• Debian mpg123-oss-i486_0.59r-13woody3_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i 486_0.59r-13woody3_i386.deb


• Debian mpg123_0.59r-13woody3_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody3_alpha.deb


• Debian mpg123_0.59r-13woody3_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody3_arm.deb


• Debian mpg123_0.59r-13woody3_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody3_hppa.deb


• Debian mpg123_0.59r-13woody3_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody3_i386.deb


• Debian mpg123_0.59r-13woody3_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody3_m68k.deb


• Debian mpg123_0.59r-13woody3_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody3_powerpc.deb


• Debian mpg123_0.59r-13woody3_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -13woody3_sparc.deb


• Mandrake mpg123-0.59r-21.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-21.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-21.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-21.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-21.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mpg123-0.59r-21.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php