Bug 183421 - media-video/realplayer - stack overflow vulnerability (CVE-2007-3410)
Bug#: 183421 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: carlo@gentoo.org
Component: Vulnerabilities
URL:  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547
Summary: media-video/realplayer - stack overflow vulnerability (CVE-2007-3410)
Keywords:  
Status Whiteboard: B2 [glsa] p-y
Opened: 2007-06-27 15:48 0000
Description:   Opened: 2007-06-27 15:48 0000 
Remote exploitation of a buffer overflow within RealNetworks' RealPlayer and
HelixPlayer allows attackers to execute arbitrary code in the context of the
user.

The issue specifically exists in the handling of HH:mm:ss.f time formats by the
'wallclock' functionality within the code supporting SMIL2. An excerpt from the
code follows.


http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547

------- Comment #1 From Pierre-Yves Rofes 2007-07-15 15:21:00 0000 ------- 
media-video, what's the status here? please advise.

------- Comment #2 From Steve Dibb 2007-07-15 16:00:10 0000 ------- 
I haven't seen any releases from usptream regarding the issue, I'll have to
find out what the status is.

------- Comment #3 From Jakub Moc (RETIRED) 2007-08-17 06:35:28 0000 ------- 
*** Bug 189190 has been marked as a duplicate of this bug. ***

------- Comment #4 From Jakub Moc (RETIRED) 2007-08-17 06:37:09 0000 ------- 
https://player.helixcommunity.org/2007/releases/rp10gold/RP10_0_9ReleaseNotes.html

What's New in 10.0.9

    * This is a security update with a piggy-back bug fix.
    * Fixed an embedded player crash in some music web sites.

No idea if this fixes this one, the above is all they provide. The damned thing
is again not downloadable via normal SRC_URI, suggest that we finally stick
RESTRICT=fetch into the ebuild and are done with it.

https://helixcommunity.org/projects/player/files/download/2479

------- Comment #5 From Sune Kloppenborg Jeppesen 2007-08-17 21:40:54 0000 ------- 
media-video does 10.0.9 solve the current issue?

------- Comment #6 From Steve Dibb 2007-08-25 14:02:51 0000 ------- 
media-video/realplayer-10.0.9 in the tree

------- Comment #7 From Arfrever Frehtes Taifersar Arahesis 2007-08-26 13:30:17 0000 ------- 
(In reply to comment #6)
> media-video/realplayer-10.0.9 in the tree

Now there is such a message:
 * Download RealPlayer manually from Real's website at
 *
 *

Please replace ${DOWNLOADPAGE} with ${HOMEPAGE}.

------- Comment #8 From Steve Dibb 2007-08-27 13:45:05 0000 ------- 
(In reply to comment #7)
> (In reply to comment #6)
> > media-video/realplayer-10.0.9 in the tree
> 
> Now there is such a message:
>  * Download RealPlayer manually from Real's website at
>  *
>  *
> 
> Please replace ${DOWNLOADPAGE} with ${HOMEPAGE}.
> 

fixed, thanks

------- Comment #9 From Sune Kloppenborg Jeppesen 2007-08-28 19:48:09 0000 ------- 
x86 please test and mark stable.

------- Comment #10 From Jurek Bartuszek 2007-08-28 22:25:14 0000 ------- 
x86 stable

------- Comment #11 From Pierre-Yves Rofes 2007-08-29 10:20:18 0000 ------- 
glsa request filed.

------- Comment #12 From Raphael Marichez 2007-09-14 21:45:22 0000 ------- 
it's GLSA 200709-05, thanks everybody