• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MPG321 File Name ArgV Buffer Overflow Vulnerability

mpg321 is a freely available, open source software package for decoding and playing files encoded as mp3's. It is available for the Unix and Linux platforms.

mpg321 may not properly handle file names. It has been reported that a buffer overflow occurs when mpg321 is executed, and excessively long file names are supplied to the program. Though mpg321 is not a setuid program, this could potentially result in a problem if mpg321 is invoked by a setuid program.