Bug 107309 - media-video/{helix,real}player: remotely exploitable format string vulnerability (CAN-2005-2710)
Bug#: 107309 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: enhancement Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: carlo@gentoo.org
Component: Vulnerabilities
URL:  http://www.open-security.org/advisories/13
Summary: media-video/{helix,real}player: remotely exploitable format string vulnerability (CAN-2005-2710)
Keywords:  
Status Whiteboard: B2 [glsa] jaervosz
Opened: 2005-09-26 11:48 0000
Description:
There is a remotely exploitable format string vulnerability in the latest Helix
Media Player suite that will allow an attacker the possibility to execute
malicious code on a victim's computer. The exploit code will execute a remote
shell under the permissions of the user running the media player, and affects
all versions of RealPlayer and Helix Player.

The bug is exploitable by abusing media, including .rp (realpix) and .rt
(realtext) file formats. Although others may be affected I stick to realpix file
format for this advisory.

http://www.open-security.org/advisories/13

------- Comment #1 From Thierry Carrez (RETIRED) 2005-09-26 11:57:38 0000 -------
"Real have been duly informed about this issue and are fixing."

------- Comment #2 From Thierry Carrez (RETIRED) 2005-09-28 00:54:36 0000 -------
Patch for Helix: in player/common/gtk/hxgerror.cpp:

This line:
err = g_error_new (HX_ERROR, code, message->str);

should become this:
err = g_error_new (HX_ERROR, code, "%s", message->str);

1.0.6 is coming up from Real, but you can start patching...
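The one-line fix above is the classic format-string repair: the message (which can be derived from the contents of a media file) must never be the format argument of a printf-style function such as g_error_new(). The following is an added illustration, not Helix/Real code: hx_error_like() is a hypothetical stand-in for g_error_new() that renders into a buffer instead of allocating a GError, render_error_unsafe() has the shape of the original line, render_error_safe() has the shape of the patched line, and contains_format_directive() is a small audit helper for strings that are about to reach a formatter. The unsafe form is exercised only with "%%", which is defined behaviour, so the example shows that the formatter interprets the message without reading any stray arguments. (glib declares g_error_new with a printf format attribute, so building with -Wformat-security flags the original call.)

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example (not Helix/Real code). hx_error_like() stands in for
 * g_error_new(): a variadic printf-style function whose third parameter is
 * the format string. It renders into a caller-supplied buffer instead of
 * allocating a GError, so it runs stand-alone. */
static int hx_error_like(char *out, size_t outsz, const char *format, ...)
{
    va_list ap;
    int n;
    va_start(ap, format);
    n = vsnprintf(out, outsz, format, ap);
    va_end(ap);
    return n;
}

/* Shape of the original hxgerror.cpp line: the message itself is the format.
 * Any '%' directives in a message built from media-file content are
 * interpreted by the formatter. Called here only with "%%" (defined
 * behaviour), which is enough to make the interpretation visible. */
const char *render_error_unsafe(const char *message)
{
    static char buf[128];
    hx_error_like(buf, sizeof buf, message);   /* format comes from data */
    return buf;
}

/* Shape of the fix from Comment #2: constant "%s" format, message as argument. */
const char *render_error_safe(const char *message)
{
    static char buf[128];
    hx_error_like(buf, sizeof buf, "%s", message);
    return buf;
}

/* Audit helper: does the string contain a conversion directive, i.e. a '%'
 * that is not the escape "%%"? A lone trailing '%' counts as one. */
int contains_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    const char *msg = "buffer 100%% full";   /* constructed sample message */
    printf("unsafe: %s\n", render_error_unsafe(msg));  /* "buffer 100% full" */
    printf("safe:   %s\n", render_error_safe(msg));    /* "buffer 100%% full" */
    printf("directive in \"rate %%d\": %d\n", contains_format_directive("rate %d"));
    return 0;
}
```

The unsafe path collapses "%%" to "%", proving the message was parsed as a format; the safe path reproduces it byte for byte. The same "%s" discipline applies to every printf-family call (g_error_new, g_warning, syslog, snprintf) that receives text from a parsed file.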

------- Comment #3 From Thierry Carrez (RETIRED) 2005-10-01 03:10:42 0000 -------
Please patch Helix, while we wait for a RealPlayer fix...

------- Comment #4 From Thierry Carrez (RETIRED) 2005-10-01 03:23:38 0000 -------
Linux RealPlayer 10.0.6 is out, bump also needed there.

CAN-2005-2710
http://service.real.com/help/faq/security/050930_player/EN/
http://www.idefense.com/application/poi/display?id=311&type=vulnerabilities&flashstatus=true

------- Comment #5 From Thierry Carrez (RETIRED) 2005-10-04 06:34:40 0000 -------
realplayer 10.0.6 is up. x86/amd64 please test and mark stable accordingly.
Note: helixplayer still has to be bumped.

------- Comment #6 From Paul Varner 2005-10-04 09:16:00 0000 -------
realplayer 10.0.6 stable on x86

------- Comment #7 From Simon Stelling (RETIRED) 2005-10-07 05:11:30 0000 -------
realplayer stable on amd64, sorry for the delay

------- Comment #8 From Thierry Carrez (RETIRED) 2005-10-07 10:24:39 0000 -------
Thx everyone, this is GLSA 200510-07

------- Comment #9 From Paul Varner 2005-11-21 10:32:48 0000 -------
It doesn't appear to me that helixplayer ever got bumped to address the
vulnerability.

------- Comment #10 From Sune Kloppenborg Jeppesen 2005-11-21 10:57:04 0000 -------
You're right Paul :-/

media-video please provide an updated ebuild.

------- Comment #11 From Diego E. 'Flameeyes' Pettenò 2005-11-21 11:17:04 0000 -------
Server down, helixplayer masked, pending removal as it seems more a problem
than anything else.

------- Comment #12 From Sune Kloppenborg Jeppesen 2005-11-22 13:22:00 0000 -------
GLSA 200510-07 updated.

------- Comment #13 From Christie Harris 2006-01-12 19:25:01 0000 -------
(In reply to comment #11)
> Server down, helixplayer masked, pending removal as it seems more a problem 
> than anything else. 
>  
The server appears to be up. Any chance of getting helixplayer re-added to
portage? It appears the 1.0.6 release has been out since September.

https://helixcommunity.org/download.php/1585/hxplay-1.0.6-source.tar.bz2

------- Comment #14 From Sune Kloppenborg Jeppesen 2006-03-22 12:26:33 0000 -------
media-video any news on this one?

------- Comment #15 From Diego E. 'Flameeyes' Pettenò 2006-03-22 12:40:06 0000 -------
Realplayer should be updated, helixplayer is removed iirc.

------- Comment #16 From Sune Kloppenborg Jeppesen 2006-03-23 22:08:01 0000 -------
helixplayer is removed. Resetting severity rating to reflect Realplayer.

Thx everyone.