MPlayer header buffer overflow

mplayer-header-bo (15675) The risk level is classified as HighHigh Risk

Description:

MPlayer is vulnerable to a buffer overflow. A remote attacker could send a specially-crafted HTTP header to overflow a buffer and execute arbitrary code on the system when the header is parsed.


Consequences:

Gain Access

Remedy:

Apply the appropriate patch for your system, available from the MPlayer Web site. See References.

For Gentoo Linux:
Upgrade to the latest verison of mplayer (1.0_pre2-r1 or 0.92-r1 or later), as listed in GLSA 200403-13. See References.

For Mandrake Linux:
Upgrade to the latest mplayer package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:026 : mplayer for more information. See References.

Mandrake Linux 9.2: 0.91-8.2.92mdk or later
Mandrake Linux 10.0: 1.0-0.pre3.13.100mdk or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • BugTraq Mailing List, Tue Mar 30 2004 - 09:54:12 CST : MPlayer Security Advisory #002 - HTTP parsing vulnerability.
  • GLSA 200403-13: Remote buffer overflow in MPlayer.
  • BID-10008: MPlayer Remote HTTP Header Buffer Overflow Vulnerability
  • BID-10009: Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability
  • BID-1001: InterAccess TelnetD Server 4.0 Terminal Configuration Vulnerability
  • BID-10010: LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
  • BID-10013: PHPKit Multiple HTML Injection Vulnerabilities
  • BID-10017: JamesOff QuoteEngine Multiple Parameter Unspecified SQL Injection Vulnerability
  • BID-10018: MadBMS Unspecified Login Vulnerability
  • BID-10019: Cactusoft CactuShop SQL Injection Vulnerability
  • BID-1002: Sambar Server Batch CGI Vulnerability
  • BID-10020: CactuSoft CactuShop Cross-Site Scripting Vulnerability
  • BID-10022: Roger Wilco Server UDP Datagram Handling Denial Of Service Vulnerability
  • BID-10024: Roger Wilco Information Disclosure Vulnerability
  • BID-10025: Roger Wilco Server Unauthorized Audio Stream Denial Of Service Vulnerability
  • BID-10026: ADA IMGSVR Remote Directory Listing Vulnerability
  • BID-10027: ADA IMGSVR Remote File Download Vulnerability
  • BID-10028: OpenBSD ISAKMPD Zero Payload Length Denial Of Service Vulnerability
  • BID-1003: FTPx FTP Explorer Weak Password Encryption Vulnerability
  • BID-10033: HAHTsite Scenario Server Project File Name Buffer Overrun Vulnerability
  • BID-10036: Macromedia Dreamweaver Remote User Database Access Vulnerability
  • BID-10037: SGI IRIX ftpd Multiple Denial Of Service Vulnerabilities
  • CVE-2004-0386: Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
  • GLSA-200403-13: Remote buffer overflow in MPlayer
  • MDKSA-2004:026: Updated mplayer packages fix remotely exploitable vulnerability
  • OSVDB ID: 4754: MPlayer HTTP Location Header Parsing Overflow
  • SA11259: MPlayer HTTP Location Header Parsing Heap Overflow Vulnerability
  • US-CERT VU#723910: MPlayer contains a buffer overflow in the HTTP parser

Platforms Affected:

  • Gentoo Linux
  • MandrakeSoft Mandrake Linux 10.0
  • MandrakeSoft Mandrake Linux 9.2
  • MPlayer MPlayer 0.90 pre
  • MPlayer MPlayer 0.90 rc
  • MPlayer MPlayer 0.90
  • MPlayer MPlayer 0.91
  • MPlayer MPlayer 1.0 pre2
  • MPlayer MPlayer 1.0 pre3
  • MPlayer MPlayer 1.0 pre1

Reported:

Mar 30, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page