Vulnerabilities > CVE-2006-3355 - Unspecified vulnerability in Mpg123 Pre0.59Sr11
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Gentoo-Specific MPG123 Malicious URI Remote Buffer Overflow Vulnerability. CVE-2006-3355. Dos exploit for linux platform |
id | EDB-ID:28160 |
last seen | 2016-02-03 |
modified | 2006-07-03 |
published | 2006-07-03 |
reporter | Horst Schirmeier |
source | https://www.exploit-db.com/download/28160/ |
title | Gentoo-Specific MPG123 - URI Remote Buffer Overflow Vulnerability |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200607-01.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200607-01 (mpg123: Heap overflow) In httpdget.c, a variable is assigned to the heap, and is supposed to receive a smaller allocation. As this variable was not terminated properly, strncpy() will overwrite the data assigned next in memory. Impact : By enticing a user to visit a malicious URL, an attacker could possibly execute arbitrary code with the rights of the user running mpg123. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21908 |
published | 2006-07-04 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21908 |
title | GLSA-200607-01 : mpg123: Heap overflow |
code |
|
References
- http://bugs.gentoo.org/show_bug.cgi?id=133988
- http://bugs.gentoo.org/show_bug.cgi?id=133988
- http://secunia.com/advisories/20937
- http://secunia.com/advisories/20937
- http://security.gentoo.org/glsa/glsa-200607-01.xml
- http://security.gentoo.org/glsa/glsa-200607-01.xml
- http://www.securityfocus.com/bid/18794
- http://www.securityfocus.com/bid/18794