FreeBSD Ports: mpg123, mpg123-nas, mpg123-esound

Published: 2008-09-04 18:41:11
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Technical Details:
The following Linux Distribution Packages are affected: mpg123 mpg123-nas mpg123-esound CVE-2004-0982 Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

Recommendations:
Update your system with the appropriate patches or software upgrades. http://marc.theaimsgroup.com/?l=bugtraq&m=109834486312407 http://www.vuxml.org/freebsd/20d16518-2477-11d9-814e-0001020eed82.html

Summary:
The remote host is missing an update to the system as announced in the referenced advisory.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2004-0982

CVE Analysis

https://www.mageni.net/cve/CVE-2004-0982

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/11468

Severity
High
CVSS Score
10.0
Published
2008-09-04
Modified
2016-09-26
Category
FreeBSD Local Security Checks

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.