Vulnerability Bulletins

int(1843)

Vulnerability Bulletins

Ejecución remota de código en RealPlayer y Helix Player
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Principiante
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	Comercial Software
Affected software	RealPlayer 10.0.5.756 (gold) Helix Media Player
Description
Se ha descubierto un bug de formato en Helix Player y RealPlayer versión 10.0.5.756 (gold) para sistemas Linux/Unix. Un atacante remoto podría ejecutar comandos arbitrarios con los privilegios del cliente Helix Player o RealPlayer mediante un fichero RealPix o RealText especialmente diseñado. Existe un exploit público disponible en Internet.
Solution
Actualización de software RealPlayer RealPlayer 10 (10.0.0 - 5) / Linux http://www.real.com/linux Helix Player (10.0.0 - 5) / Linux http://player.helixcommunity.org/downloads/ Red Hat Red Hat Desktop (v. 4) / SRPMS HelixPlayer-1.0.6-0.EL4.1.src.rpm Red Hat Desktop (v. 4) / IA-32 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Desktop (v. 4) / x86_64 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux AS (v. 4) / SRPMS HelixPlayer-1.0.6-0.EL4.1.src.rpm Red Hat Enterprise Linux AS (v. 4) / IA-32 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux AS (v. 4) / PPC HelixPlayer-1.0.6-0.EL4.1.ppc.rpm Red Hat Enterprise Linux AS (v. 4) / x86_64 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux ES (v. 4) / SRPMS HelixPlayer-1.0.6-0.EL4.1.src.rpm Red Hat Enterprise Linux ES (v. 4) / IA-32 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux ES (v. 4) / x86_64 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux WS (v. 4) / SRPMS HelixPlayer-1.0.6-0.EL4.1.src.rpm Red Hat Enterprise Linux WS (v. 4) / IA-32 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux WS (v. 4) / x86_64 HelixPlayer-1.0.6-0.EL4.1.i386.rpm Red Hat Enterprise Linux Extras (v. 3) / IA-32 realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm Red Hat Enterprise Linux Extras (v. 3) / x86_64 realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm realplayer-10.0.6-0.rhel3.2.i386.rpm Red Hat Enterprise Linux Extras (v. 4) / IA-32 RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm Red Hat Enterprise Linux Extras (v. 4) / x86_64 RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm RealPlayer-10.0.6-2.i386.rpm Debian (helix) Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz Intel IA-32 http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb PowerPC http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb Suse (RealPlayer) SUSE LINUX 10.0 / x86 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/RealPlayer-10.0.6-3.2.i586.rpm SUSE LINUX 10.0 / Sources ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/RealPlayer-10.0.6-3.2.nosrc.rpm SUSE LINUX 9.3 / x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.6-1.4.i586.rpm SUSE LINUX 9.3 / Sources ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/RealPlayer-10.0.6-1.4.src.rpm SUSE LINUX 9.2 / x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.6-1.4.i586.rpm SUSE LINUX 9.2 / Sources ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/RealPlayer-10.0.6-1.4.src.rpm
Standar resources
Property	Value
CVE	CAN-2005-2710
BID
Other resources
Red Hat Security Advisory (RHSA-2005:788-3) https://rhn.redhat.com/errata/RHSA-2005-788.html Red Hat Security Advisory (RHSA-2005:762-12) https://rhn.redhat.com/errata/RHSA-2005-762.html Debian Security Advisory (DSA 826-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00218.html RealNetworks Security Advisory http://service.real.com/help/faq/security/050930_player/EN/ SUSE Security Advisory (SUSE-SA:2005:059) http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-09-29
1.1	Aviso emitido por Red Hat (RHSA-2005:762-12)	2005-10-03
1.2	Aviso emitido por Debian (DSA 826-1)	2005-10-04
1.3	Aviso emitido por RealNetworks	2005-10-10
1.4	Aviso emitido por Suse (SUSE-SA:2005:059)	2005-10-19

Vulnerability Bulletins

Ejecución remota de código en RealPlayer y Helix Player

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history