MPlayer RTSP Server Line Response Remote Buffer Overflow Vulnerability

BID:13270

Info

Bugtraq ID: 13270
Class: Boundary Condition Error
CVE: CVE-2005-1195
Remote: Yes
Local: No
Published: Apr 20 2005 12:00AM
Updated: Jul 12 2009 02:06PM
Credit: The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable: xine xine 1.0
xine xine 0.9.18
+ S.u.S.E. Linux Personal 8.2
xine xine 0.9.13
xine xine 1-rc8
xine xine 1-rc7
xine xine 1-rc6a
xine xine 1-rc6
xine xine 1-rc5
xine xine 1-rc4
xine xine 1-rc3b
xine xine 1-rc3a
xine xine 1-rc3
xine xine 1-rc2
xine xine 1-rc1
xine xine 1-rc0a
xine xine 1-rc0
xine xine 1-beta9
xine xine 1-beta8
xine xine 1-beta7
xine xine 1-beta6
xine xine 1-beta5
xine xine 1-beta4
xine xine 1-beta3
xine xine 1-beta2
xine xine 1-beta12
xine xine 1-beta11
xine xine 1-beta10
xine xine 1-beta1
xine xine 1-alpha
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
SuSE Linux 8.1
SuSE Linux 8.0 i386
SuSE Linux 8.0
SuSE Linux 7.3 sparc
SuSE Linux 7.3 ppc
SuSE Linux 7.3 i386
SuSE Linux 7.3
SuSE Linux 7.2 i386
SuSE Linux 7.2
SuSE Linux 7.1 x86
SuSE Linux 7.1 sparc
SuSE Linux 7.1 ppc
SuSE Linux 7.1 alpha
SuSE Linux 7.1
SuSE Linux 7.0 sparc
SuSE Linux 7.0 ppc
SuSE Linux 7.0 i386
SuSE Linux 7.0 alpha
SuSE Linux 7.0
SuSE Linux 6.4 ppc
SuSE Linux 6.4 i386
SuSE Linux 6.4 alpha
SuSE Linux 6.4
SuSE Linux 6.3 ppc
SuSE Linux 6.3 alpha
SuSE Linux 6.3
SuSE Linux 6.2
SuSE Linux 6.1 alpha
SuSE Linux 6.1
SuSE Linux 6.0
SuSE Linux 5.3
SuSE Linux 5.2
SuSE Linux 5.1
SuSE Linux 5.0
SuSE Linux 4.4.1
SuSE Linux 4.4
SuSE Linux 4.3
SuSE Linux 4.2
SuSE Linux 4.0
SuSE Linux 3.0
SuSE Linux 2.0
SuSE Linux 1.0
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux -current
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Peachtree Linux release 1
MPlayer MPlayer 1.0 pre6
+ Gentoo Linux
MPlayer MPlayer 1.0 pre5try2
MPlayer MPlayer 1.0 pre5try1
MPlayer MPlayer 1.0 pre5
+ Gentoo Linux 1.4
+ Gentoo Linux
MPlayer MPlayer 1.0 pre4
MPlayer MPlayer 1.0 pre3try2
MPlayer MPlayer 1.0 pre3
MPlayer MPlayer 1.0 pre2
MPlayer MPlayer 1.0 pre1
MPlayer MPlayer 0.92.1
MPlayer MPlayer 0.92
MPlayer MPlayer 0.91
MPlayer MPlayer 0.90 rc series
MPlayer MPlayer 0.90 pre series
MPlayer MPlayer 0.90
MPlayer MPlayer 0.9 0rc4
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Not Vulnerable: xine xine 1.0
xine xine 0.9.8
- Debian Linux 3.0 sparc
- Debian Linux 3.0 s/390
- Debian Linux 3.0 ppc
- Debian Linux 3.0 mipsel
- Debian Linux 3.0 mips
- Debian Linux 3.0 m68k
- Debian Linux 3.0 ia-64
- Debian Linux 3.0 ia-32
- Debian Linux 3.0 hppa
- Debian Linux 3.0 arm
- Debian Linux 3.0 alpha
- Debian Linux 3.0

Discussion

A remote heap-based buffer overflow vulnerability affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Exploit / POC

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Solution:
The vendor has released a patch dealing with this issue.

Mandriva has released security announcement MDKSA-2005:115 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

SuSE has released advisory SUSE-SR:2005:013 and fixes for this issue. Fixes can be obtained through the SuSE FTP server or by using the YaST Online Update.

Ubuntu Linux has released fixes and an advisory (USN-123-1) to address this and another vulnerability. Please see the referenced advisory for further information.

Peachtree Linux has released fixes and an advisory (PLSN-0003) to address this and another vulnerability. Please see the referenced advisory for further information.

xine has released fixes and an advisory (XSA-2004-8) to address this and another vulnerability. Patches are also available at the following locations:

http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u

Please see the referenced advisory for further information.

Gentoo Linux has released an advisory (GLSA 200504-19) dealing with this issue. Gentoo advises that all users upgrade their packages by executing the following commands with superuser privileges:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre6-r4"

For more information, please see the referenced Gentoo Linux advisory.

Gentoo Linux has released an advisory (GLSA 200504-27) dealing with this issue for xine-lib. Gentoo advises that all xine-lib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose media-libs/xine-lib

SuSE has released advisory SUSE-SR:2005:012 confirming that SuSE Linux products are vulnerable to this issue. Fixes are pending.

Slackware Linux has released advisory SSA:2005-121-02 to address this issue. Please see the referenced advisory for further information.

Turbolinux has released advisory TLSA-2005-65 to address this issue. Please see the referenced advisory for more information.

