MikMod Module Player Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with MikMod Module Player and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will let the attacker crash the application to cause denial-of-service condition. Impact level: Application

Solution

Apply Patch, http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5 filename=31.xm-header.patch att=1 bug=476339

Insight

- libmikmod library using a global variable to keep track of the number of channels can be exploited to crash an application using the library by loading a module with more channels than the currently playing module. - Error when processing the header of certain XM files which can be exploited to crash an application using the library via a specially crafted XM file.

Affected

MikMod Module Player version 3.1.11 to 3.2.0 on Linux.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519
http://secunia.com/advisories/33485

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0179
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Firefox XUL Parsing Denial of Service Vulnerability (Win)
Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
Denial of Service (DoS) in Microsoft SMS Client
FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win)

MikMod Module Player Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities