Vulnerability Bulletins


Remote code execution in RealPlayer and Helix Player

Vulnerability classification

Property: Value
Confidence level: Official
Impact: Gain access
Difficulty: Beginner
Attacker requirements: Remote access, without an account, to an exotic service

System information

Property: Value
Affected vendor: Commercial software
Affected software: RealPlayer 10.0.5.756 (gold)
Helix Media Player

Description

A format string bug has been discovered in Helix Player and RealPlayer version 10.0.5.756 (gold) for Linux/Unix systems.

A remote attacker could execute arbitrary commands with the privileges of the Helix Player or RealPlayer client by means of a specially crafted RealPix or RealText file.

A public exploit is available on the Internet.

Solution

Software update

RealPlayer
RealPlayer 10 (10.0.0 - 5) / Linux
http://www.real.com/linux
Helix Player (10.0.0 - 5) / Linux
http://player.helixcommunity.org/downloads/

Red Hat

Red Hat Desktop (v. 4) / SRPMS
HelixPlayer-1.0.6-0.EL4.1.src.rpm

Red Hat Desktop (v. 4) / IA-32
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Desktop (v. 4) / x86_64
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
HelixPlayer-1.0.6-0.EL4.1.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
HelixPlayer-1.0.6-0.EL4.1.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
HelixPlayer-1.0.6-0.EL4.1.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
HelixPlayer-1.0.6-0.EL4.1.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux Extras (v. 3) / IA-32
realplayer-10.0.6-0.rhel3.2.i386.rpm

Red Hat Enterprise Linux Extras (v. 3) / x86_64
realplayer-10.0.6-0.rhel3.2.i386.rpm

Red Hat Enterprise Linux Extras (v. 4) / IA-32
RealPlayer-10.0.6-2.i386.rpm

Red Hat Enterprise Linux Extras (v. 4) / x86_64
RealPlayer-10.0.6-2.i386.rpm

Debian (helix)

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz
Intel IA-32
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb
PowerPC
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb

Suse (RealPlayer)
SUSE LINUX 10.0 / x86
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/RealPlayer-10.0.6-3.2.i586.rpm
SUSE LINUX 10.0 / Sources
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/RealPlayer-10.0.6-3.2.nosrc.rpm
SUSE LINUX 9.3 / x86
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.6-1.4.i586.rpm
SUSE LINUX 9.3 / Sources
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/RealPlayer-10.0.6-1.4.src.rpm
SUSE LINUX 9.2 / x86
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.6-1.4.i586.rpm
SUSE LINUX 9.2 / Sources
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/RealPlayer-10.0.6-1.4.src.rpm

Standard identifiers

Property: Value
CVE: CAN-2005-2710
BID:

Additional resources

Red Hat Security Advisory (RHSA-2005:788-3)
https://rhn.redhat.com/errata/RHSA-2005-788.html

Red Hat Security Advisory (RHSA-2005:762-12)
https://rhn.redhat.com/errata/RHSA-2005-762.html

Debian Security Advisory (DSA 826-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00218.html

RealNetworks Security Advisory
http://service.real.com/help/faq/security/050930_player/EN/

SUSE Security Advisory (SUSE-SA:2005:059)
http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html

Version history

Version | Comment | Date
1.0 | Advisory issued | 2005-09-29
1.1 | Advisory issued by Red Hat (RHSA-2005:762-12) | 2005-10-03
1.2 | Advisory issued by Debian (DSA 826-1) | 2005-10-04
1.3 | Advisory issued by RealNetworks | 2005-10-10
1.4 | Advisory issued by SUSE (SUSE-SA:2005:059) | 2005-10-19

Members of

Ministry of Defence
CNI
CCN
CCN-CERT