On Tue, 2002-02-12 at 18:05, -l0rt- wrote:
> I know that there have been older similar bugs, here is a new one that I
> could find nothing about in the lists.

Older similar bugs in mpg321? Why does nobody tell me about this?

> mpg123 accepts URLs and may be used by other suid binaries or services.
> A buffer condition exists in mpg321 that could allow for
> remote/unwarranted command execution by means of a specially formatted
> URL or other input.

mpg321 is not setuid or setgid. Other suid binaries should have no trouble, since mpg321 is a stand-alone binary.

> fact:
> mpg123 cores when it is passed the following string:
>
> mpg123 `perl -e'print "A" x 10000'`
>

This should not have been remotely exploitable, but I no longer trust myself, given how wrong my code was proven with this.

This bug is now fixed in CVS.

--
Joe Drew <hoserhead@woot.net> <drew@debian.org>

Please encrypt email sent to me.