Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnwatch mailing list archives

Followup to Gobbles post
From: Rain Forest Puppy <rfp () vulnwatch org>
Date: Wed, 15 Jan 2003 17:02:01 +0000 (GMT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Some of you have written in wondering if the Gobbles post was a hoax or
not.

Skipping past all the RIAA stuff (I can't exactly confirm any of that),
there is still the issue of a buffer overflow in mpg123 version 0.59s.
That *is* real, and so is the exploit that is attached (which, if
successful in exploitation, will run 'rm -rf ~').

So yes, there is a mpg123 vulnerability in the latest development version
(which some linux distros ship).  The latest stable version (0.59r) seems
to be OK for the moment.

As for the 'hydra' (Swordfish, anyone?), RIAA involvement, and massive P2P
neworking compromises, well, that's for you to determine.

Your loving VulnWatchdog,
- - rain forest puppy


-----BEGIN PGP SIGNATURE-----
Comment: Public key at http://www.wiretrip.net/rfp/gpg-key.txt

iD8DBQE+JZM08z6qql3x7WgRAsUEAJ0QgAgcMMZcLrmk901MwCh4r3aT5QCg11uT
8IM88jjj3fAYz6LL7i6Lix4=
=QL6U
-----END PGP SIGNATURE-----

  By Date           By Thread  

Current thread:
  • Followup to Gobbles post Rain Forest Puppy (Jan 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]