Bug 213039 - media-libs/xine-lib < 1.1.11 Array Indexing Vulnerability (CVE-2008-0073)
Bug#: 213039 (CVE-2008-0073)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: flameeyes@gentoo.org
Component: Vulnerabilities
URL: http://bugs.xine-project.org/show_bug.cgi?id=58
Summary: media-libs/xine-lib < 1.1.11 Array Indexing Vulnerability (CVE-2008-0073)
Keywords: STABLEREQ
Status Whiteboard: A2 [glsa]
Opened: 2008-03-11 14:17 0000
From: Secunia Research <vuln@secunia.com>
Date: Mar 10, 2008 10:20 AM
Subject: Xine "sdpplin_parse()" Array Indexing Vulnerability
To: security@xinehq.de
Cc: miguel@cetuc.puc-rio.br, mroi@users.sourceforge.net,
melanson@pcisys.net, tmattern@noos.fr, vendor-sec@lst.de,
vuln@secunia.com
Hello,
Secunia Research has discovered a vulnerability in Xine, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the
"sdpplin_parse()" function in input/libreal/sdpplin.c. This can be
exploited to overwrite arbitrary memory regions via an overly large
"streamid" SDP parameter included in a malicious RTSP stream.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 1.1.10.1. Other versions may
also be affected.
Vulnerability Details:
----------------------
The vulnerability is present in input/libreal/sdpplin.c at line 255.
---
desc->stream[stream->stream_id] = stream;
---
Exploitation:
-------------
Secunia Research has created a PoC for the vulnerability, which is
available upon request.
Closing comments:
-----------------
We have assigned this vulnerability Secunia advisory SA28694 and CVE
identifier CVE-2008-0073.
A preliminary disclosure date of 2008-03-19 10am CET has been set, where
the details will be publicly disclosed. However, we are naturally
prepared to push the disclosure date if you need more time to address
the vulnerability.
Please acknowledge receiving this e-mail and let us know when you expect
to fix the vulnerability.
Credits should go to:
Alin Rad Pop, Secunia Research.
Also, if you have any questions, then please don't hesitate to contact
me.
--
Alin Rad Pop
Security Specialist
Secunia
Hammerensgade 4, 2. floor
DK-1267 Copenhagen K
Denmark
Phone +45 7020 5144
Fax +45 7020 5145
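
The boundary error reported above, shown as a range-checked parse followed by a bounds-checked store. This is an added example, not xine-lib's code or its patch; the struct layout, function names and sample "streamid" lines are assumptions constructed for illustration.

```c
/* Added example: hypothetical names, not xine-lib source. */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { uint16_t stream_id; } stream_t;      /* simplified stream */
typedef struct { uint16_t stream_count; stream_t **stream; } desc_t;

/* Parse the decimal value after "streamid=" in an SDP attribute line.
 * Returns 0 on success, -1 if missing, non-numeric or above UINT16_MAX. */
static int parse_stream_id(const char *line, uint16_t *out)
{
    const char *p = strstr(line, "streamid=");
    char *end;
    unsigned long v;

    if (!p) return -1;
    p += strlen("streamid=");
    if (!isdigit((unsigned char)*p)) return -1;   /* rejects "-1", "+5", "" */
    errno = 0;
    v = strtoul(p, &end, 10);
    if (errno == ERANGE || v > UINT16_MAX) return -1;
    *out = (uint16_t)v;
    return 0;
}

/* Store the stream only when its id indexes inside the allocated array.
 * The unchecked form is the single line quoted in the advisory. */
static int desc_set_stream(desc_t *desc, stream_t *s)
{
    if (!desc->stream || s->stream_id >= desc->stream_count) return -1;
    desc->stream[s->stream_id] = s;
    return 0;
}

/* Parse one line and register the stream; -1 means the line was rejected. */
static int handle_line(desc_t *desc, stream_t *s, const char *line)
{
    if (parse_stream_id(line, &s->stream_id) != 0) return -1;
    return desc_set_stream(desc, s);
}
```

A syntactically valid id such as 65535 still has to be compared against the number of slots actually allocated, which is why the store has its own check in addition to the parser's range check.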
FWIW, the same vulnerability applies to VLC.
Does VLC know, have a patch? Does xine have a patch?
xine has a patch, the same patch should apply over VLC. I'm not sure if VLC is
informed, I said that to Secunia people though.
*** Bug 213928 has been marked as a duplicate of this bug. ***
media-lib/xine-lib-1.1.11.ebuild in cvs
Arches please test and mark stable.
Target KEYWORDS="alpha amd64 ~arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
(In reply to comment #6)
> media-lib/xine-lib-1.1.11.ebuild in cvs
That's not even a proper path if the directory was spelled right! :)
=media-libs/xine-lib-1.1.11 will do nicely.
ppc stable, ready for glsa
Fixed in release snapshot.
request filed, will only be glsa'd after bug 214270 was fixed.