Boletines de Vulnerabilidades |
Ejecución remota de código en RealPlayer y Helix Player |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Obtener acceso |
Dificultad | Principiante |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | Comercial Software |
Software afectado |
RealPlayer 10.0.5.756 (gold) Helix Media Player |
Descripción |
|
Se ha descubierto un bug de formato en Helix Player y RealPlayer versión 10.0.5.756 (gold) para sistemas Linux/Unix. Un atacante remoto podría ejecutar comandos arbitrarios con los privilegios del cliente Helix Player o RealPlayer mediante un fichero RealPix o RealText especialmente diseñado. Existe un exploit público disponible en Internet. |
|
Solución |
|
Actualización de software RealPlayer RealPlayer 10 (10.0.0 - 5) / Linux http://www.real.com/linux Helix Player (10.0.0 - 5) / Linux http://player.helixcommunity.org/downloads/ Red Hat Red Hat Desktop (v. 4) / SRPMS HelixPlayer-1.0.6-0.EL4.1.src.rpm Red Hat Desktop (v. 4) / IA-32 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Desktop (v. 4) / x86_64 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux AS (v. 4) / SRPMS HelixPlayer-1.0.6-0.EL4.1.src.rpm Red Hat Enterprise Linux AS (v. 4) / IA-32 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux AS (v. 4) / PPC HelixPlayer-1.0.6-0.EL4.1.ppc.rpm Red Hat Enterprise Linux AS (v. 4) / x86_64 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux ES (v. 4) / SRPMS HelixPlayer-1.0.6-0.EL4.1.src.rpm Red Hat Enterprise Linux ES (v. 4) / IA-32 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux ES (v. 4) / x86_64 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux WS (v. 4) / SRPMS HelixPlayer-1.0.6-0.EL4.1.src.rpm Red Hat Enterprise Linux WS (v. 4) / IA-32 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux WS (v. 4) / x86_64 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux Extras (v. 3) / IA-32 realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm Red Hat Enterprise Linux Extras (v. 3) / x86_64 realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm Red Hat Enterprise Linux Extras (v. 4) / IA-32 RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm Red Hat Enterprise Linux Extras (v. 4) / x86_64 RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm Debian (helix) Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz Intel IA-32 http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb PowerPC http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb Suse (RealPlayer) SUSE LINUX 10.0 / x86 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/RealPlayer-10.0.6-3.2.i586.rpm SUSE LINUX 10.0 / Sources ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/RealPlayer-10.0.6-3.2.nosrc.rpm SUSE LINUX 9.3 / x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.6-1.4.i586.rpm SUSE LINUX 9.3 / Sources ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/RealPlayer-10.0.6-1.4.src.rpm SUSE LINUX 9.2 / x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.6-1.4.i586.rpm SUSE LINUX 9.2 / Sources ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/RealPlayer-10.0.6-1.4.src.rpm |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CAN-2005-2710 |
BID | |
Recursos adicionales |
|
Red Hat Security Advisory (RHSA-2005:788-3) https://rhn.redhat.com/errata/RHSA-2005-788.html Red Hat Security Advisory (RHSA-2005:762-12) https://rhn.redhat.com/errata/RHSA-2005-762.html Debian Security Advisory (DSA 826-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00218.html RealNetworks Security Advisory http://service.real.com/help/faq/security/050930_player/EN/ SUSE Security Advisory (SUSE-SA:2005:059) http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2005-09-29 |
1.1 | Aviso emitido por Red Hat (RHSA-2005:762-12) | 2005-10-03 |
1.2 | Aviso emitido por Debian (DSA 826-1) | 2005-10-04 |
1.3 | Aviso emitido por RealNetworks | 2005-10-10 |
1.4 | Aviso emitido por Suse (SUSE-SA:2005:059) | 2005-10-19 |