Followup to Gobbles post

[Rain Forest Puppy <rfp () vulnwatch org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Some of you have written in wondering if the Gobbles post was a hoax or
not.

Skipping past all the RIAA stuff (I can't exactly confirm any of that),
there is still the issue of a buffer overflow in mpg123 version 0.59s.
That *is* real, and so is the exploit that is attached (which, if
successful in exploitation, will run 'rm -rf ~').

So yes, there is a mpg123 vulnerability in the latest development version
(which some linux distros ship).  The latest stable version (0.59r) seems
to be OK for the moment.

As for the 'hydra' (Swordfish, anyone?), RIAA involvement, and massive P2P
neworking compromises, well, that's for you to determine.

Your loving VulnWatchdog,
- - rain forest puppy


-----BEGIN PGP SIGNATURE-----
Comment: Public key at http://www.wiretrip.net/rfp/gpg-key.txt

iD8DBQE+JZM08z6qql3x7WgRAsUEAJ0QgAgcMMZcLrmk901MwCh4r3aT5QCg11uT
8IM88jjj3fAYz6LL7i6Lix4=
=QL6U
-----END PGP SIGNATURE-----