Vulnerability Bulletins

int(1559)

Vulnerability Bulletins

Múltiples desbordamientos de búfer en xine-lib
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	xine-lib MPlayer <=1.0pre6
Description
Se han descubierto múltiples desbordamientos de búfer en la zona de heap en xine-lib. Las vulnerabilidades residen en el código usado para manejar flujos MMS sobre TCP y flujos RealMedia RTSP. La explotación de estas vulnerabilidades podría permitir a un atacante remoto ejecutar código arbitrario con los privilegios del usuario que este ejecutando una aplicación que utilice la librería vulnerable. Un ejemplo destacado de aplicación vulnerable es MPlayer en las versiones 1.0pre6 y anteriores.
Solution
Actualización de software MPlayer MPlayer 1.0pre7 http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre7.tar.bz2 SUSE Linux Actualizar mediante YaST Online Update Mandriva Linux Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm Mandrivalinux LE2005 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libdha1.0-1.0-0.pre6.8.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libpostproc0-1.0-0.pre6.8.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm
Standar resources
Property	Value
CVE	CAN-2005-1195
BID
Other resources
MPlayer Security Advisory 2005.04.16 Real RTSP heap overflow http://www.mplayerhq.hu/homepage/design7/news.html#vuln10 Mplayer Security Advisory 2005.04.16 MMST heap overflow http://www.mplayerhq.hu/homepage/design7/news.html#vuln11 SUSE Security Summary Report SUSE-SR:2005:013 http://www.novell.com/linux/security/advisories/2005_13_sr.html Mandriva Security Advisories MDKSA-2005:115 http://www.mandriva.com/security/advisories?name=MDKSA-2005:115

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-05-03
1.1	Aviso emitido por SUSE (SUSE-SR:2005:013)	2005-05-20
1.2	Aviso emitido por Mandriva (MDKSA-2005:115)	2005-07-12

Vulnerability Bulletins

Múltiples desbordamientos de búfer en xine-lib

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history