Rapid7 Vulnerability & Exploit Database

RHSA-2002:078: Updated mpg321 packages available


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/31/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated mpg321 packages are available for Red Hat Linux 7.2, which fix a buffer overflow in the network streaming code as well as other bugs.

mpg321 is a GPL-licensed command-line MP3 player. mpg321 before version 0.2.9 can segfault when given certain specially crafted data. In the case of network streaming, this data would be remotely supplied, which could lead to remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0272 to this issue. Users of mpg321 should upgrade to these errata packages, which contain mpg321 version 0.2.10 and are not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-libmad
  • redhat-upgrade-mpg321
