Summary: | media-video/vlc <0.8.6i-r2 MMS Stack-based buffer overflow (CVE-2008-3794) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | media-video |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.orange-bat.com/adv/2008/adv.08.24.txt | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 235238 |
Description
Robert Buchholz (RETIRED)
2008-08-24 02:26:24 UTC
(In reply to comment #1) > patch committed: > http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html > applied in r2 Thanks for bumping so fast. Arches, please test and mark stable: =media-video/vlc-0.8.6i-r2 Target keywords : "alpha amd64 ppc sparc x86" sparc stable Stable on alpha. (In reply to comment #0) > g_ of Orange Bat reported a heap-based buffer overflow when opening mms > streams. just if someone picks this up for a cve id description.... it is not heap-based buf stack-based. cheers (In reply to comment #7) > (In reply to comment #0) > > g_ of Orange Bat reported a heap-based buffer overflow when opening mms > > streams. > > just if someone picks this up for a cve id description.... it is not heap-based > buf stack-based. s/buf/but/ :) amd64/x86 stable ppc stable and ready for glsa (In reply to comment #10) > ppc stable and ready for glsa > thanks, request filed. CVE-2008-3794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3794): Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a stack-based buffer overflow. GLSA 200809-06 |