[ale] [Fwd: Re: Local/remote mpg123 exploit]

John Wells jb at sourceillustrated.com
Thu Jan 16 13:34:42 EST 2003


From bugtraq:

-------- Original Message --------
Subject: Re: Local/remote mpg123 exploit
From: Benjamin Tober <btober0 at hotmail.com>
To: ale at ale.org
Date: Wed, January 15, 2003 3:16 am
To: bugtraq at securityfocus.com

In-Reply-To: <200301131823.h0DINJbE014752 at mailserver3.hushmail.com>

I'm not going to address the veracity of the narrative
text of this posting, however the exploit is real.  I
believe that the patch to mpg123 given below closes
this particular hole.  I have no affiliation with the
authors of mpg123 and haven't contacted them, but am
providing this patch now because an exploit is
publicly available.
I can, if necessary, provide further explanation of the
exploit and the rationale behind the patch but will not
do so at this late hour.  This patch is with respect to
mpg123-pre0.59s and is to the file common.c:

--- common.c.orig       Wed Jan 15 02:16:08 2003
+++ common.c    Wed Jan 15 02:18:52 2003
@@ -579,6 +579,11 @@
         fprintf(stderr,"Sorry, unknown layer
type.\n");
         return (0);
     }
+    if (fr->framesize>MAX_INPUT_FRAMESIZE) {
+       fprintf(stderr,"Frame size too big.\n");
+       fr->framesize = MAX_INPUT_FRAMESIZE;
+       return 0;
+    }

     if(!fr->bitrate_index) {
         /* fprintf(stderr,"Warning, Free format not
heavily tested: (head %08lx)\n",newhead); */
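
Review bot: The added test `if (fr->framesize>MAX_INPUT_FRAMESIZE)` bounds only the upper side, so if `framesize` is a signed type a negative value still passes it; consider rejecting `fr->framesize < 0` in the same condition so that both directions are covered before the size is used. The check also sits ahead of the `if(!fr->bitrate_index)` block, so any frame size assigned in or after that free-format branch is not validated by it and needs its own check or the test moved below it. Finally, assigning `fr->framesize = MAX_INPUT_FRAMESIZE;` immediately before `return 0;` deserves a comment: it only matters for callers that ignore the failure return, and saying so makes the intent clear.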


Sincerely,
Benjamin Tober


