MPlayer RTSP stream buffer overflow

mplayer-rtsp-stream-bo (20171)

High Risk

Description:

MPlayer is vulnerable to a heap-based buffer overflow caused by a vulnerability in the code handling the Real-Time Streaming Protocol (RTSP). There is no check process in MAX_FIELDS to stop receiving once capacity is reached. A malicious server could be set up to send multiple lines to MAX_FIELDS to overflow a buffer and execute arbitrary code on the system with privileges of the user running MPlayer.

Platforms Affected:

• Canonical, Ubuntu 4.10
• Canonical, Ubuntu 5.04
• Gentoo, Linux
• MandrakeSoft, Mandrake Linux 10.1
• MandrakeSoft, Mandrake Linux 10.1 X86_64
• MandrakeSoft, Mandrake Linux LE2005
• MandrakeSoft, Mandrake Linux LE2005 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MPlayer, MPlayer 1.0pre6 and prior
• MPlayer, MPlayer pre6a
• Turbolinux, Turbolinux 10 Desktop
• Turbolinux, Turbolinux 10 F...
• Turbolinux, Turbolinux Home

Remedy:

Upgrade to the latest version of MPlayer (1.0pre7 or later), available from the MPlayer Web site. See References.

— OR —

Apply the patch for this vulnerability, available from the MPlayer News Document Vuln10. See References.

For Gentoo Linux:
Upgrade to the latest version of MPlayer (1.0_pre6-r4 or later), as listed in GLSA 200504-19. See References.

For Ubuntu Linux:
Refer to USN-123-1 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• MPlayer News Document Vuln10, Real RTSP heap overflow at http://www.mplayerhq.hu/homepage/design7/news.html#vuln10.
• MPlayer Web site, 2005.04.16, Saturday :: MPlayer 1.0pre7 released at http://www.mplayerhq.hu/homepage/design7/news.html.
• BID-13270: MPlayer RTSP Server Line Response Remote Buffer Overflow Vulnerability
• BID-13271: MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability
• CVE-2005-1195: Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.
• GLSA-200504-19: MPlayer: Two heap overflow vulnerabilities
• MDKSA-2005:094: Updated xine-lib packages fix multiple vulnerabilities
• MDKSA-2005:115: Updated mplayer packages fix vulnerabilities
• SA15014: MPlayer RTSP and MMST Streams Buffer Overflow Vulnerabilities
• SECTRACK ID: 1013771: MPlayer MMST and RTSP Buffer Overflows Let Remote Users Execute Arbitrary Code
• SUSE-SR:2005:012: SUSE Security Summary Report
• SUSE-SR:2005:013: SUSE Security Summary Report

Reported:

Apr 16, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page