CNNVD-ID编号 | CNNVD-200604-067 |
CVE编号 | CVE-2006-1655 |
发布时间 | 2006-04-06 |
更新时间 | 2006-08-28 |
漏洞类型 | 缓冲区溢出 |
漏洞来源 | Nitrous nitrous@conthackto.com.mx |
危险等级 | 中危 |
威胁类型 | 远程 |
厂 商 | mpg123 |
mpg123是软件开发者Michael Hipp所研发的一款使用于Linux和Unix操作系统下的MPEG音频播放器和解码库。
mpg123在处理MPEG 2.0的3层文件时,layer3.c的III_i_stereo()函数中存在缓冲区溢出漏洞,攻击者可能利用此漏洞执行任意指令。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
mpg123 mpg123 0.59 r
Debian mpg123-esd_0.59r-20sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-20sarge1_alpha.deb
Debian mpg123-esd_0.59r-20sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-20sarge1_i386.deb
Debian mpg123-esd_0.59r-20sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0 .59r-20sarge1_powerpc.deb
Debian mpg123-nas_0.59r-20sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0 .59r-20sarge1_i386.deb
Debian mpg123-oss-3dnow_0.59r-20sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3 dnow_0.59r-20sarge1_i386.deb
Debian mpg123-oss-i486_0.59r-20sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i 486_0.59r-20sarge1_i386.deb
Debian mpg123_0.59r-20sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_alpha.deb
Debian mpg123_0.59r-20sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_arm.deb
Debian mpg123_0.59r-20sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_hppa.deb
Debian mpg123_0.59r-20sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_i386.deb
Debian mpg123_0.59r-20sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_m68k.deb
Debian mpg123_0.59r-20sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_powerpc.deb
Debian mpg123_0.59r-20sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r -20sarge1_sparc.deb
Mandriva mpg123-0.59r-22.3.C30mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download
Mandriva mpg123-0.59r-22.3.C30mdk.src.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download
Mandriva mpg123-0.59r-22.3.C30mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download
Mandriva mpg123-0.59r-23.1.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download
Mandriva mpg123-0.59r-23.1.20060mdk.src.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download
Mandriva mpg123-0.59r-23.1.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download
来源: BID
名称: 17365
来源: DEBIAN
名称: DSA-1074
来源: SECUNIA
名称: 20281
来源: SECUNIA
名称: 20275
来源: SECUNIA
名称: 20240
来源: MANDRIVA
名称: MDKSA-2006:092
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:092
来源: MISC
链接:http://downloads.securityfocus.com/vulnerabilities/exploits/mpg1DoS3.pl