Bug 14076 - mpg123 and derivates has an exploitable bug.
Summary: mpg123 and derivates has an exploitable bug.
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All All
Importance: High critical
Assignee: Gentoo Security
URL: http://online.securityfocus.com/archi...
Reported: 2003-01-16 22:32 UTC by Spider (RETIRED)
Modified: 2003-09-21 22:58 UTC

Description Spider (RETIRED) gentoo-dev 2003-01-16 22:32:48 UTC
other link: http://online.securityfocus.com/archive/1/306727

http://www.mpg123.de/ has this stated:

MPG123 News, 16. Jan. 2003

Important information about the Gobble Exploit: It seems that only the
pre0.59s version is vulnerable. The hotfix is to increase the
MAX_INPUT_FRAMESIZE to a big value, i.e. 4096. I will review the whole code this
weekend. I will also try to supply an mp3 checker this weekend. So it is not
necessary to remove all your mp3s. Just do not play them with a potentially
vulnerable player and check them later. Thanx.

We need to check xmms as well as mpg123 for this. :/
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-01-17 03:38:47 UTC
We have the latest stable version in the tree, 0.59r, which is not vulnerable.
However, a patch was posted to fix a bug in 0.59r:
 
Dear Benjamin Tober, 
 
Latest release mpg123 0.59r uses large enough buffer size and may not be
exploited this way. But both versions have another bug in frame size
calculation - zero bitrate will lead to negative frame size to be
calculated. Unchecked patches:
 
for 0.59r: 
 
--- common.old  2003-01-15 21:42:15.000000000 +0300 
+++ common.c    2003-01-15 21:42:38.000000000 +0300 
@@ -123,7 +123,7 @@ 
        return FALSE; 
     if(!((head>>17)&3)) 
        return FALSE; 
-    if( ((head>>12)&0xf) == 0xf) 
+    if( ((head>>12)&0xf) == 0xf || (head>>12)&0xf) == 0) 
        return FALSE; 
     if( ((head>>10)&0x3) == 0x3 ) 
        return FALSE; 
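
Review bot: The added condition on the `+` line has unbalanced parentheses: `(head>>12)&0xf) == 0)` closes one more group than it opens, so common.c will not compile as posted. The second operand should read `((head>>12)&0xf) == 0`, matching the form of the first operand. Since the same 4-bit field is extracted twice, reading it into a local variable once would make both comparisons easier to check.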
 
Comment 2 solar (RETIRED) gentoo-dev 2003-09-21 22:58:22 UTC
media-sound/mpg123-0.59s is now in the tree. 
changing resolution to FIXED
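
The zero-bitrate case described in the mail quoted in Comment 1, as an added example that is not part of this bug report or of mpg123's source: it shows how a bitrate index of 0 yields a negative frame size, and a header check that rejects it. The function names, the frame-size formula (144000 * kbps / Hz + padding - 4), the sync test and the sample headers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* MPEG-1 Layer III bitrates in kbit/s, indexed by the 4-bit header field.
 * Index 0 has no table bitrate and index 15 is invalid. */
static const int kbps_l3[16] = {0, 32, 40, 48, 56, 64, 80, 96,
                                112, 128, 160, 192, 224, 256, 320, -1};
static const long sample_hz[4] = {44100, 48000, 32000, 0}; /* 3 is reserved */

/* Bytes following the 4-byte header, computed the way a decoder that trusts
 * the header would (assumed formula, see lead-in). */
long frame_body_size(uint32_t head)
{
    int br_idx  = (head >> 12) & 0xf;
    int sr_idx  = (head >> 10) & 0x3;
    int padding = (head >> 9) & 0x1;

    if (sample_hz[sr_idx] == 0)
        return -1; /* reserved sample rate: avoid dividing by zero */
    return (long)kbps_l3[br_idx] * 144000L / sample_hz[sr_idx] + padding - 4;
}

/* Header sanity check including the bitrate-index test from the patch,
 * written with balanced parentheses. Returns 1 if usable, 0 if rejected. */
int head_ok(uint32_t head)
{
    int br_idx = (head >> 12) & 0xf;

    if ((head & 0xffe00000u) != 0xffe00000u) return 0; /* assumed sync test */
    if (!((head >> 17) & 3))                 return 0; /* reserved layer */
    if (br_idx == 0xf || br_idx == 0)        return 0; /* invalid or zero bitrate */
    if (((head >> 10) & 0x3) == 0x3)         return 0; /* reserved sample rate */
    return 1;
}

int main(void)
{
    /* Constructed headers: MPEG-1 Layer III, 44.1 kHz, no padding. */
    uint32_t good = 0xFFFB9000u; /* bitrate index 9 (128 kbit/s) */
    uint32_t zero = 0xFFFB0000u; /* bitrate index 0 */

    printf("good: ok=%d body=%ld\n", head_ok(good), frame_body_size(good));
    printf("zero: ok=%d body=%ld\n", head_ok(zero), frame_body_size(zero));
    return 0;
}
```

A negative size that later reaches a read or copy length is the hazard here, so the check has to run before any size derived from the header is used.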