Vulnerability Name:

CVE-2004-0982 (CCN-17574)

Assigned:2004-10-19
Published:2004-10-19
Updated:2017-07-11
Summary:Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Oct 19 2004 - 22:19:42 CDT
mpg123 "getauthfromurl" buffer overflow

Source: MITRE
Type: CNA
CVE-2004-0982

Source: BUGTRAQ
Type: UNKNOWN
20041019 mpg123 "getauthfromurl" buffer overflow

Source: CCN
Type: SA12908
mpg123 "getauthfromURL()" Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
12908

Source: CCN
Type: SECTRACK ID: 1011832
mpg123 Buffer Overflow in getauthformURL() May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1011832

Source: MISC
Type: UNKNOWN
http://www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-578

Source: DEBIAN
Type: DSA-578
mpg123 -- buffer overflow

Source: CCN
Type: GLSA-200410-27
mpg123: Buffer overflow vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200410-27

Source: CCN
Type: mpg123 Web site
mpg123, Fast MP3 Player for Linux and UNIX systems

Source: OSVDB
Type: UNKNOWN
11023

Source: CCN
Type: OSVDB ID: 11023
mpg123 getauthfromURL() httpauth1 Remote Buffer Overflow

Source: CCN
Type: OSVDB ID: 27050
mpg123 on Gentoo Linux httpdget.c URL Handling Overflow

Source: BID
Type: Patch, Vendor Advisory
11468

Source: CCN
Type: BID-11468
MPG123 Remote URL Open Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
mpg123-getauthfromurl-bo(17574)

Source: SUSE
Type: SUSE-SR:2005:002
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*
  • OR cpe:/a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID                             Class  Title            Last Modified
    oval:org.opensuse.security:def:20040982   V      CVE-2004-0982    2015-11-16
    oval:org.debian:def:578                   V      buffer overflow  2004-11-01
    mpg123 mpg123 0.59r
    mpg123 mpg123 pre0.59s
    mpg123 mpg123 pre0.59s
    debian debian linux 3.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1