213039 CVE-2008-0073 2008-03-11 14:17 0000 media-libs/xine-lib < 1.1.11 Array Indexing Vulnerability (CVE-2008-0073) 2008-08-06 00:31:35 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://bugs.xine-project.org/show_bug.cgi?id=58 A2 [glsa] STABLEREQ P2 normal --- 1 flameeyes@gentoo.org security@gentoo.org bernd@linx.net yngwin@gentoo.org flameeyes@gentoo.org 2008-03-11 14:17:30 0000 From: Secunia Research <vuln@secunia.com> Date: Mar 10, 2008 10:20 AM Subject: Xine "sdpplin_parse()" Array Indexing Vulnerability To: security@xinehq.de Cc: miguel@cetuc.puc-rio.br, mroi@users.sourceforge.net, melanson@pcisys.net, tmattern@noos.fr, vendor-sec@lst.de, vuln@secunia.com Hello,  Secunia Research has discovered a vulnerability in Xine, which can be  exploited by malicious people to compromise a user's system.  The vulnerability is caused due to a boundary error within the  "sdpplin_parse()" function in input/libreal/sdpplin.c. This can be  exploited to overwrite arbitrary memory regions via an overly large  "streamid" SDP parameter included in a malicious RTSP stream.  Successful exploitation allows execution of arbitrary code.  The vulnerability is confirmed in version 1.1.10.1. Other versions may  also be affected.  Vulnerability Details:  ----------------------  The vulnerability is present in input/libreal/sdpplin.c at line 255.  ---  desc->stream[stream->stream_id] = stream;  ---  Exploitation:  -------------  Secunia Research has created a PoC for the vulnerability, which is  available upon request.  Closing comments:  -----------------  We have assigned this vulnerability Secunia advisory SA28694 and CVE  identifier CVE-2008-0073.  A preliminary disclosure date of 2008-03-19 10am CET has been set, where  the details will be publicly disclosed. However, we are naturally  prepared to push the disclosure date if you need more time to address  the vulnerability.  Please acknowledge receiving this e-mail and let us know when you expect  to fix the vulnerability.  Credits should go to:  Alin Rad Pop, Secunia Research.  Also, if you have any questions, then please don't hesitate to contact  me.  --  Alin Rad Pop  Security Specialist  Secunia  Hammerensgade 4, 2. floor  DK-1267 Copenhagen K  Denmark  Phone  +45 7020 5144  Fax    +45 7020 5145 flameeyes@gentoo.org 2008-03-11 14:18:51 0000 FWIW, the same vulnerability apply to VLC. rbu@gentoo.org 2008-03-12 02:18:41 0000 Does VLC know, have a patch? Does xine have a patch? flameeyes@gentoo.org 2008-03-12 02:32:24 0000 xine has a patch, the same patch should apply over VLC. I'm not sure if VLC is informed, I said that to secunia though people though. py@gentoo.org 2008-03-19 14:53:53 0000 *** Bug 213928 has been marked as a duplicate of this bug. *** py@gentoo.org 2008-03-19 14:54:55 0000 public now. yngwin@gentoo.org 2008-03-20 00:29:39 0000 media-lib/xine-lib-1.1.11.ebuild in cvs Arches please test and mark stable. Target KEYWORDS="alpha amd64 ~arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" jer@gentoo.org 2008-03-20 04:30:09 0000 (In reply to comment #6) > media-lib/xine-lib-1.1.11.ebuild in cvs That's not even a proper path if the directory was spelled right! :) =media-libs/xine-lib-1.1.11 will do nicely. fauli@gentoo.org 2008-03-20 07:34:41 0000 x86 stable jer@gentoo.org 2008-03-20 17:45:12 0000 Stable for HPPA. maekke@gentoo.org 2008-03-20 21:40:10 0000 amd64 stable klausman@gentoo.org 2008-03-21 12:30:00 0000 alpha stable ranger@gentoo.org 2008-03-21 14:16:59 0000 ppc64 stable armin76@gentoo.org 2008-03-22 15:29:44 0000 ia64/sparc stable dertobi123@gentoo.org 2008-03-23 11:32:47 0000 ppc stable, ready for glsa pva@gentoo.org 2008-03-23 12:43:28 0000 Fixed in release snapshot. rbu@gentoo.org 2008-03-24 19:45:03 0000 request filed, will only be glsa'd after bug 214270 was fixed. rbu@gentoo.org 2008-08-06 00:31:35 0000 GLSA 200808-01