Miembros de
Boletines de Vulnerabilidades |
Desbordamiento de entero en VLC y Mplayer |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado |
VLC Mplayer |
Descripción |
|
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de entero en el paquete "vlc" y el reproductor "mplayer" de Debian 5.0. La vulnerabilidad reside en un error en la validación de datos del "real data transport" RDT, que permite un desbordamiento de entero. Un atacante remoto podría ejecutar código abitrario mediante la manipulación maliciosa de una cadena. |
|
Solución |
|
|
Actualización de software Debian (DSA-2043-1) Debian Linux 5.0 Source http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.dsc http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.diff.gz http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2.orig.tar.gz independent packages: http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc2-17+lenny3.2_all.deb alpha (DEC Alpha) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_alpha.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_amd64.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_amd64.deb arm (ARM) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_arm.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_arm.deb hppa (HP PA RISC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_hppa.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_hppa.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_i386.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_i386.deb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_ia64.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_ia64.deb mips (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mips.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mips.deb mipsel (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mipsel.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mipsel.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_powerpc.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_powerpc.deb s390 (IBM S/390) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_s390.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_s390.deb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_sparc.deb http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_sparc.deb Debian (DSA 2044-1) Debian Linux 5.0 Source http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.dsc kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.diff.gz kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2.orig.tar.gz kb978542 Architecture independent packages: http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc2-17+lenny3.2_all.deb kb978542 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_alpha.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_alpha.deb kb978542 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_amd64.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_amd64.deb kb978542 arm architecture (ARM) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_arm.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_arm.deb kb978542 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_hppa.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_hppa.deb kb978542 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_i386.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_i386.deb kb978542 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_ia64.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_ia64.deb kb978542 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mips.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mips.deb kb978542 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mipsel.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mipsel.deb kb978542 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_powerpc.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_powerpc.deb kb978542 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_s390.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_s390.deb kb978542 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_sparc.deb kb978542 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_sparc.deb kb978542 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | |
| BID | |
Recursos adicionales |
|
|
Debian Security Advisory (DSA-2043-1) http://lists.debian.org/debian-security-announce/2010/msg00084.html Debian Security Advisory (DSA-2044-1) http://lists.debian.org/debian-security-announce/2010/msg00085.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2010-05-14 |