SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   MPlayer Vendors:   mplayerhq.hu
(Mandrake Issues Fix) MPlayer Has Multiple Stack/Heap/Buffer Overflows That May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012688
SecurityTracker URL:  http://securitytracker.com/id/1012688
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 24 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.0pre5try2
Description:   Several buffer overflow vulnerabilities were reported in MPlayer. A remote user may be able to execute arbitrary code on the target user's system.

The vendor reported that there is a potential heap overflow in the processing of Real RTSP streams in the real_setup_and_get_header() function in 'libmpdemux/realrtsp/real.c'. There is also a heap overflow in the PNM streaming code in 'libmpdemux/pnm.c'.

A stack overflow is reported in the MMST streaming code in 'libmpdemux/asf_mmst_streaming.c'.

Several buffer overflows are reported in 'libmpdemux/demuxer.c' and a buffer overflow is reported in 'mp3lib/layer2.c'.

iDEFENSE is credited with reporting some of these flaws. Others were discovered by the vendor.

The vendor was notified on December 10, 2004.

Impact:   A remote user may be able to cause arbitrary code to be executed on the target user's computer with the privileges of the target user.
Solution:   Mandrake has released a fix.

Mandrakelinux 10.0:
ffdf4b22ac493b3d50c91ea53b3eac95 10.0/RPMS/libdha0.1-1.0-0.pre3.14.100mdk.i586.rpm
0ce288d8301695608bc934e20f3d6ae2 10.0/RPMS/libpostproc0-1.0-0.pre3.14.100mdk.i586.rpm
2e8b0a7d9d7336be095c0e66a5d13551 10.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.100mdk.i586.rpm
df9575c1164860609049f7b980f0d4bb 10.0/RPMS/mencoder-1.0-0.pre3.14.100mdk.i586.rpm
ad63e5f042e446d7d865dd67d8436111 10.0/RPMS/mplayer-1.0-0.pre3.14.100mdk.i586.rpm
87da5dc2082a30bf846463935e9c032c 10.0/RPMS/mplayer-gui-1.0-0.pre3.14.100mdk.i586.rpm
411a086e2fd7a2d6d8115330bfebf8f2 10.0/SRPMS/mplayer-1.0-0.pre3.14.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
496a51acbfb73c9e96f91e65f827460f amd64/10.0/RPMS/lib64postproc0-1.0-0.pre3.14.100mdk.amd64.rpm
288c38dca2ba88876c5b28805ae5b65b amd64/10.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.100mdk.amd64.rpm
32afa85e2ceb44eed56970d95be428e8 amd64/10.0/RPMS/mencoder-1.0-0.pre3.14.100mdk.amd64.rpm
3e7b9191891b2c2b690a85134b1b9d7b amd64/10.0/RPMS/mplayer-1.0-0.pre3.14.100mdk.amd64.rpm
bd2435043f70e9213ff18a7b862b1aea amd64/10.0/RPMS/mplayer-gui-1.0-0.pre3.14.100mdk.amd64.rpm
411a086e2fd7a2d6d8115330bfebf8f2 amd64/10.0/SRPMS/mplayer-1.0-0.pre3.14.100mdk.src.rpm

Mandrakelinux 10.1:
67087fd39fc404574765347a674e3d47 10.1/RPMS/libdha1.0-1.0-0.pre5.7.101mdk.i586.rpm
844773d2a6672530b70bb6813fce016e 10.1/RPMS/libpostproc0-1.0-0.pre5.7.101mdk.i586.rpm
1daf2b9c24c8008bbf9c20caa2b33724 10.1/RPMS/libpostproc0-devel-1.0-0.pre5.7.101mdk.i586.rpm
401a9725b7ae5cb52cff9c545aff66e3 10.1/RPMS/mencoder-1.0-0.pre5.7.101mdk.i586.rpm
ac034976bedeb442864518eafa4433a1 10.1/RPMS/mplayer-1.0-0.pre5.7.101mdk.i586.rpm
d9e859d2b707415f7ab47c959338652c 10.1/RPMS/mplayer-gui-1.0-0.pre5.7.101mdk.i586.rpm
a8b9342645993dd59089847aa2151411 10.1/SRPMS/mplayer-1.0-0.pre5.7.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
d2ca93cc253090002c5122b56c7f5c80 x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.7.101mdk.i586.rpm
eb59719fb7d84fbc18cc4959f1b9c5c9 x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.7.101mdk.i586.rpm
b0becbdf9766370108a77f6bd65f964e x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.7.101mdk.i586.rpm
3dc6189ecffa58e9a8214277a4dd8f3a x86_64/10.1/RPMS/mencoder-1.0-0.pre5.7.101mdk.i586.rpm
5fa13f95faa4b1158c9936a5d23abfaa x86_64/10.1/RPMS/mplayer-1.0-0.pre5.7.101mdk.i586.rpm
22a188a5daca20064b5b9c19e8754c2c x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.7.101mdk.i586.rpm
a8b9342645993dd59089847aa2151411 x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.7.101mdk.src.rpm

Vendor URL:  www.mplayerhq.hu/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  10.0, 10.1

Message History:   This archive entry is a follow-up to the message listed below.
Dec 16 2004 MPlayer Has Multiple Stack/Heap/Buffer Overflows That May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [Security Announce] MDKSA-2004:157 - Updated mplayer packages fix


This is a multi-part message in MIME format...

------------=_1103735678-1122-6503

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           mplayer
 Advisory ID:            MDKSA-2004:157
 Date:                   December 22nd, 2004

 Affected versions:	 10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities were discovered in the MPlayer program by
 iDEFENSE, Ariel Berkman, and the MPlayer development team.  These
 vulnerabilities include potential heap overflows in Real RTSP and pnm
 streaming code, stack overflows in MMST streaming code, and multiple
 buffer overflows in the BMP demuxer and mp3lib code.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://www.idefense.com/application/poi/display?id=168&type=vulnerabilities
  http://www.idefense.com/application/poi/display?id=167&type=vulnerabilities
  http://www.idefense.com/application/poi/display?id=166&type=vulnerabilities
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 ffdf4b22ac493b3d50c91ea53b3eac95  10.0/RPMS/libdha0.1-1.0-0.pre3.14.100mdk.i586.rpm
 0ce288d8301695608bc934e20f3d6ae2  10.0/RPMS/libpostproc0-1.0-0.pre3.14.100mdk.i586.rpm
 2e8b0a7d9d7336be095c0e66a5d13551  10.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.100mdk.i586.rpm
 df9575c1164860609049f7b980f0d4bb  10.0/RPMS/mencoder-1.0-0.pre3.14.100mdk.i586.rpm
 ad63e5f042e446d7d865dd67d8436111  10.0/RPMS/mplayer-1.0-0.pre3.14.100mdk.i586.rpm
 87da5dc2082a30bf846463935e9c032c  10.0/RPMS/mplayer-gui-1.0-0.pre3.14.100mdk.i586.rpm
 411a086e2fd7a2d6d8115330bfebf8f2  10.0/SRPMS/mplayer-1.0-0.pre3.14.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 496a51acbfb73c9e96f91e65f827460f  amd64/10.0/RPMS/lib64postproc0-1.0-0.pre3.14.100mdk.amd64.rpm
 288c38dca2ba88876c5b28805ae5b65b  amd64/10.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.100mdk.amd64.rpm
 32afa85e2ceb44eed56970d95be428e8  amd64/10.0/RPMS/mencoder-1.0-0.pre3.14.100mdk.amd64.rpm
 3e7b9191891b2c2b690a85134b1b9d7b  amd64/10.0/RPMS/mplayer-1.0-0.pre3.14.100mdk.amd64.rpm
 bd2435043f70e9213ff18a7b862b1aea  amd64/10.0/RPMS/mplayer-gui-1.0-0.pre3.14.100mdk.amd64.rpm
 411a086e2fd7a2d6d8115330bfebf8f2  amd64/10.0/SRPMS/mplayer-1.0-0.pre3.14.100mdk.src.rpm

 Mandrakelinux 10.1:
 67087fd39fc404574765347a674e3d47  10.1/RPMS/libdha1.0-1.0-0.pre5.7.101mdk.i586.rpm
 844773d2a6672530b70bb6813fce016e  10.1/RPMS/libpostproc0-1.0-0.pre5.7.101mdk.i586.rpm
 1daf2b9c24c8008bbf9c20caa2b33724  10.1/RPMS/libpostproc0-devel-1.0-0.pre5.7.101mdk.i586.rpm
 401a9725b7ae5cb52cff9c545aff66e3  10.1/RPMS/mencoder-1.0-0.pre5.7.101mdk.i586.rpm
 ac034976bedeb442864518eafa4433a1  10.1/RPMS/mplayer-1.0-0.pre5.7.101mdk.i586.rpm
 d9e859d2b707415f7ab47c959338652c  10.1/RPMS/mplayer-gui-1.0-0.pre5.7.101mdk.i586.rpm
 a8b9342645993dd59089847aa2151411  10.1/SRPMS/mplayer-1.0-0.pre5.7.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 d2ca93cc253090002c5122b56c7f5c80  x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.7.101mdk.i586.rpm
 eb59719fb7d84fbc18cc4959f1b9c5c9  x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.7.101mdk.i586.rpm
 b0becbdf9766370108a77f6bd65f964e  x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.7.101mdk.i586.rpm
 3dc6189ecffa58e9a8214277a4dd8f3a  x86_64/10.1/RPMS/mencoder-1.0-0.pre5.7.101mdk.i586.rpm
 5fa13f95faa4b1158c9936a5d23abfaa  x86_64/10.1/RPMS/mplayer-1.0-0.pre5.7.101mdk.i586.rpm
 22a188a5daca20064b5b9c19e8754c2c  x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.7.101mdk.i586.rpm
 a8b9342645993dd59089847aa2151411  x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.7.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFByaXZmqjQ0CJFipgRAiLwAKCSSJzA5d5EP63QazWdm0DSnj7+YACg4785
q4lThbYKEd0RUH5/6dBHT1A=
=cVYr
-----END PGP SIGNATURE-----


------------=_1103735678-1122-6503
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

------------=_1103735678-1122-6503--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC