RealNetworks RealPlayer Enterprise RAM File Parsing Buffer Overflow Vulnerability

Bugtraq ID:	13264
Class:	Boundary Condition Error
CVE:	CVE-2005-0755
Remote:	Yes
Local:	No
Published:	Apr 19 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	Piotr Bania <[email protected]> is credited with the discovery of this issue.
Vulnerable:	Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux AS 3 Redhat Desktop 3.0 RealNetworks RealPlayer For Unix 10.0.3 + S.u.S.E. Linux Personal 9.3 + S.u.S.E. Linux Personal 9.2 RealNetworks RealPlayer Enterprise 1.7 RealNetworks RealPlayer Enterprise 1.6 RealNetworks RealPlayer Enterprise 1.5 RealNetworks RealPlayer Enterprise 1.2 RealNetworks RealPlayer Enterprise 1.1 RealNetworks RealPlayer Enterprise RealNetworks RealPlayer 10 for Mac OS 10.0.0.325 RealNetworks RealPlayer 10 for Mac OS 10.0.0.305 RealNetworks RealPlayer 10 for Mac OS RealNetworks RealPlayer 10 for Linux RealNetworks RealPlayer 10.5 v6.0.12.1056 RealNetworks RealPlayer 10.5 v6.0.12.1053 RealNetworks RealPlayer 10.5 v6.0.12.1040 RealNetworks RealPlayer 10.0 + S.u.S.E. cvsup-16.1h-43.i586.rpm + S.u.S.E. Linux Personal 9.3 + S.u.S.E. Linux Personal 9.2 RealNetworks RealPlayer 8.0 Win32 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 SP1 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows XP Home - Microsoft Windows XP Professional RealNetworks RealPlayer 8.0 Unix - Caldera OpenLinux Workstation 3.1 - Debian Linux 2.2 IA-32 - Debian Linux 2.2 alpha - HP HP-UX 11.11 - HP HP-UX 11.0 - IBM AIX 4.3.3 - IBM AIX 4.3.2 - IBM AIX 4.3.1 - IBM AIX 4.3 - IBM AIX 4.2.1 - IBM AIX 4.2 - Mandriva Linux Mandrake 8.0 - Mandriva Linux Mandrake 7.2 - Redhat Linux 7.2 i386 - Redhat Linux 7.1 i386 - Redhat Linux 7.0 i386 - Redhat Linux 6.2 sparc - Redhat Linux 6.2 i386 - Redhat Linux 6.2 alpha + S.u.S.E. Linux Personal 9.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 8.2 - SCO eDesktop 2.4 - SGI IRIX 6.5.14 - SGI IRIX 6.5.13 m - SGI IRIX 6.5.13 f - SGI IRIX 6.5.13 - SGI IRIX 6.5.12 m - SGI IRIX 6.5.12 f - SGI IRIX 6.5.12 - SGI IRIX 6.5.11 m - SGI IRIX 6.5.11 f - SGI IRIX 6.5.11 - SGI IRIX 6.3 - Slackware Linux 8.0 - Slackware Linux 7.1 - Slackware Linux 7.0 - Sun Solaris 7.0 - Sun Solaris 2.6 + SuSE Linux 8.1 - SuSE Linux 7.2 i386 - SuSE Linux 7.1 x86 - SuSE Linux 7.1 - SuSE Linux 7.0 i386 + SuSE Linux Desktop 1.0 RealNetworks RealPlayer 8.0 Mac RealNetworks RealOne Player for OSX 9.0 .297 RealNetworks RealOne Player for OSX 9.0 .288 RealNetworks RealOne Player 6.0.11 .872 RealNetworks RealOne Player 6.0.11 .868 RealNetworks RealOne Player 6.0.11 .853 RealNetworks RealOne Player 6.0.11 .840 RealNetworks RealOne Player 6.0.11 .830 RealNetworks RealOne Player 6.0.11 .818 RealNetworks RealOne Player 1.0 RealNetworks Helix Player for Linux 1.0.3 + Gentoo Linux + Redhat Fedora Core3 RealNetworks Helix Player for Linux 1.0.2 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 RealNetworks Helix Player for Linux 1.0.1 RealNetworks Helix Player for Linux 1.0
Not Vulnerable:	RealNetworks RealPlayer For Unix 10.0.4 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + S.u.S.E. Linux Personal 9.3 + S.u.S.E. Linux Personal 9.2 RealNetworks RealPlayer 10 for Mac OS 10.0 .0.331 RealNetworks RealPlayer 10.5 v6.0.12.1059 RealNetworks Helix Player for Linux 1.0.4 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Redhat Fedora Core3

RealNetworks RealPlayer Enterprise RAM File Parsing Buffer Overflow Vulnerability

RealNetworks RealPlayer Enterprise is reported prone to a buffer overflow vulnerability. It is reported that the issue manifests when a malicious RAM file is parsed.

A remote attacker may exploit this vulnerability to execute arbitrary code in the context of a user that uses a vulnerable version of the media player to load a malicious RAM file.

RealNetworks RealPlayer Enterprise RAM File Parsing Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

RealNetworks RealPlayer Enterprise RAM File Parsing Buffer Overflow Vulnerability

Solution:
The vendor has released a fix to address this vulnerability:

SuSE Linux has made advisory SUSE-SA:2005:026 available along with fixes dealing with this issue.

RedHat Fedora has released and advisory FEDORA-2005-330 dealing with this issue. Please see the reference section for more information.

Red Hat has released advisories RHSA-2005:363-09 and RHSA-2005:392-06 dealing with this issue in their RealPlayer and Helix Player packages respectively along with fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Gentoo has released advisory GLSA 200504-21 to address this issue. Gentoo fixes may be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=media-video/helixplayer-1.0.4"


RealNetworks RealPlayer Enterprise

• Real Networks pnen3260.dll
  http://docs.real.com/docs/pnen3260.dll

RealNetworks Helix Player for Linux 1.0.1

• Fedora HelixPlayer-1.0.4-1.0.fc3.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora HelixPlayer-debuginfo-1.0.4-1.0.fc3.1.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

RealNetworks RealPlayer Enterprise 1.1

• Real Networks pnen3260.dll
  http://docs.real.com/docs/pnen3260.dll

RealNetworks RealPlayer Enterprise 1.2

• Real Networks pnen3260.dll
  http://docs.real.com/docs/pnen3260.dll

RealNetworks RealPlayer Enterprise 1.5

• Real Networks pnen3260.dll
  http://docs.real.com/docs/pnen3260.dll

RealNetworks RealPlayer Enterprise 1.6

• Real Networks pnen3260.dll
  http://docs.real.com/docs/pnen3260.dll

RealNetworks RealPlayer Enterprise 1.7

• Real Networks pnen3260.dll
  http://docs.real.com/docs/pnen3260.dll

RealNetworks RealPlayer 10.0

• SuSE RealPlayer-10.0.4-1.1.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.4 -1.1.i586.rpm


• SuSE RealPlayer-10.0.4-1.1.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/RealPlayer-10.0.4 -1.1.i586.rpm

RealNetworks RealPlayer For Unix 10.0.3

• SuSE RealPlayer-10.0.3-0.1.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/RealPlayer-10.0.3 -0.1.i586.rpm

RealNetworks RealPlayer Enterprise RAM File Parsing Buffer Overflow Vulnerability

References:

• Helix Player 1.0.4 Release Notes (Real Networks)
  
• Helix Player Home Page (Real Networks)
  
• Home Page (Real Networks)
  
• RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. (Real Networks)
  
• RHSA-2005:299-06 - realplayer security update (RedHat)
  
• RHSA-2005:363-09 - RealPlayer security update (RedHat)
  
• RHSA-2005:392-06 - HelixPlayer security update (RedHat)
  
• Security Patch Update For Realplayer Enterprise (Real Networks)
  
• RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow (Piotr Bania )
  
• RealOne Player / Real .WAV Heap Overflow File Format Vulnerability ("Mark Litchfield" )