Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200607-01] mpg123: Heap overflow Vulnerability Scan
Vulnerability Scan Summary mpg123: Heap overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200607-01
(mpg123: Heap overflow)
In httpdget.c, a variable is allocated on the heap and is supposed to
receive a smaller allocation. Because this variable was not terminated
properly, strncpy() will overwrite the data stored next to it in memory.
Impact
By enticing a user to visit a malicious URL, an attacker could possibly
execute arbitrary code with the rights of the user running mpg123.
Workaround
There is no known workaround at this time.
Solution:
All mpg123 users should update to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/mpg123-0.59s-r11"
Threat Level: Medium