MPlayer Remote HTTP Header Buffer Overflow Vulnerability
BID:10008
Info
| Bugtraq ID: | 10008 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2004 12:00AM |
| Updated: | Mar 30 2004 12:00AM |
| Credit: | Discovery of this issue is credited to blexim <[email protected]>. |
| Vulnerable: | MPlayer MPlayer 1.0 pre1; MPlayer MPlayer 0.91; MPlayer MPlayer 0.90 rc series; MPlayer MPlayer 0.90 pre series; MPlayer MPlayer 0.90; Gentoo Linux 1.4 _rc3; Gentoo Linux 1.4 _rc2; Gentoo Linux 1.4 _rc1; Gentoo Linux 1.4; Gentoo Linux 1.2; Gentoo Linux 1.1 a; Gentoo Linux 0.7; Gentoo Linux 0.5 |
| Not Vulnerable: | MPlayer MPlayer 1.0 pre3try2; MPlayer MPlayer 0.92.1; MPlayer MPlayer HEAD CVS; MPlayer MPlayer 0_92 CVS |
Discussion
It has been reported that MPlayer is prone to a remote HTTP header buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer bounds on the 'Location' HTTP header during parsing.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
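The missing check described above, sketched as an added example (this is not MPlayer's code; get_location and try_redirect are hypothetical names): the length of the 'Location' value is measured against the destination buffer before any copy, and an over-long value is rejected instead of truncated. The sample response is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper (not MPlayer code): copy the value of the first
 * Location header in a raw header block into out[out_sz].
 * Returns 0 on success, -1 if absent, -2 if the value does not fit. */
int get_location(const char *hdrs, char *out, size_t out_sz)
{
    static const char name[] = "Location:";
    const size_t nlen = sizeof(name) - 1;
    const char *line = hdrs;

    if (out_sz == 0)
        return -2;
    out[0] = '\0';
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);

        if (len == 0 || (len == 1 && line[0] == '\r'))
            break;                          /* blank line: end of headers */
        if (len >= nlen && strncasecmp(line, name, nlen) == 0) {
            const char *val = line + nlen;
            size_t vlen = len - nlen;

            while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
            while (vlen && (val[vlen - 1] == '\r' || val[vlen - 1] == ' ')) vlen--;
            if (vlen >= out_sz)             /* no room for value + NUL */
                return -2;                  /* reject rather than truncate */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* Constructed input: a 302 response whose Location value is n '"' bytes. */
int try_redirect(size_t n, size_t out_sz)
{
    char hdrs[4096], out[2048];
    int off = snprintf(hdrs, sizeof(hdrs), "HTTP/1.0 302 Found\r\nlocation: ");

    if (n > 2048 || out_sz > sizeof(out))
        return -3;
    memset(hdrs + off, '"', n);
    strcpy(hdrs + off + n, "\r\n\r\n");
    return get_location(hdrs, out, out_sz);
}
```

A caller that receives -2 should abandon the redirect; following a truncated URL would send the client to a different target than the server named.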
Exploit / POC
The following proof of concept has been provided:
Issuing the following command will cause the affected process to crash:
$ mplayer http://`perl -e 'print "\""x1024;'`
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released upgrades dealing with this issue.
Gentoo has released advisory GLSA 200403-13. To obtain updates, enter the following commands depending on system architecture:
x86 and sparc:
# emerge sync
# emerge -pv ">=media-video/mplayer-0.92-r1"
# emerge ">=media-video/mplayer-0.92-r1"
amd64:
# emerge sync
# emerge -pv ">=media-video/mplayer-1.0_pre2-r1"
# emerge ">=media-video/mplayer-1.0_pre2-r1"
ppc:
# emerge sync
# emerge -pv ">=media-video/mplayer-1.0_pre3-r2"
# emerge ">=media-video/mplayer-1.0_pre3-r2"
Mandrake has released security advisory MDKSA-2004:026 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
MPlayer MPlayer 0.90 pre series
- MPlayer MPlayer-0.92.1.tar.bz2
  http://ftp3.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2
MPlayer MPlayer 0.90 rc series
- MPlayer MPlayer-0.92.1.tar.bz2
  http://ftp3.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2
MPlayer MPlayer 0.90
- MPlayer MPlayer-0.92.1.tar.bz2
  http://ftp3.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2
MPlayer MPlayer 0.91
- Mandrake lib64postproc0-0.91-8.2.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64postproc0-devel-0.91-8.2.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libdha0.1-0.91-8.2.92mdk.i586.rpm (Mandrake Linux 9.2)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libpostproc0-0.91-8.2.92mdk.i586.rpm (Mandrake Linux 9.2)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake libpostproc0-devel-0.91-8.2.92mdk.i586.rpm (Mandrake Linux 9.2)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mencoder-0.91-8.2.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mencoder-0.91-8.2.92mdk.i586.rpm (Mandrake Linux 9.2)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mplayer-0.91-8.2.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mplayer-0.91-8.2.92mdk.i586.rpm (Mandrake Linux 9.2)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mplayer-gui-0.91-8.2.92mdk.amd64.rpm (Mandrake Linux 9.2/AMD64)
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mplayer-gui-0.91-8.2.92mdk.i586.rpm (Mandrake Linux 9.2)
  http://www.mandrakesecure.net/en/ftp.php
- MPlayer MPlayer-0.92.1.tar.bz2
  http://ftp3.mplayerhq.hu/MPlayer/releases/MPlayer-0.92.1.tar.bz2
MPlayer MPlayer 1.0 pre1
- MPlayer MPlayer-1.0pre3try2.tar.bz2
  http://ftp3.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre3try2.tar.bz2
References
References:
- MPlayer Homepage (MPlayer)
- Heap overflow in MPlayer ("blexim")