[Asterisk-Security] mpg123 check
steve szmidt
asterisk-security at szmidt.org
Mon Jan 24 14:09:39 CST 2005
On Monday 24 January 2005 13:36, Javor Ninov wrote:
> Hi,
> Can some one chek the status of mpg123 about this issue :
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0991
That's a good one, though I would never use someone elses mp3's. I make my
own. But for those XXXX's who download mp3's off the net... trouble ahead.
By enticing a user to open a malicious playlist or URL or making use of
a specially-crafted symlink, an attacker could possibly execute
arbitrary code with the rights of the user running mpg123.
There is no known workaround at this time.
All mpg123 users should upgrade to the latest version:
This is from October last year so you should be OK, but you need to check with
YOUR distribution to see what they include. This is not managed by us.
Thanks!
--
Steve Szmidt
More information about the Asterisk-Security
mailing list