Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 235589
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 235589 depends on: Show dependency tree
Bug 235589 blocks: 235238

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-08-24 02:26 0000 
g_ of Orange Bat reported a heap-based buffer overflow when opening mms
streams.

Alexis / media-video, as we had an issue with upstream becoming aware of bugs
by this researcher, please contact them to make sure.

------- Comment #1 From Robert Buchholz 2008-08-24 10:26:24 0000 ------- 
patch committed:
http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html

------- Comment #2 From Alexis Ballier 2008-08-24 13:39:29 0000 ------- 
(In reply to comment #1)
> patch committed:
> http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html
> 

applied in r2

------- Comment #3 From Robert Buchholz 2008-08-24 13:44:33 0000 ------- 
Thanks for bumping so fast.

------- Comment #4 From Robert Buchholz 2008-08-24 13:45:42 0000 ------- 
Arches, please test and mark stable:
=media-video/vlc-0.8.6i-r2
Target keywords : "alpha amd64 ppc sparc x86"

------- Comment #5 From Friedrich Oslage 2008-08-24 14:50:29 0000 ------- 
sparc stable

------- Comment #6 From Tobias Klausmann 2008-08-24 19:33:23 0000 ------- 
Stable on alpha.

------- Comment #7 From nion 2008-08-25 02:21:23 0000 ------- 
(In reply to comment #0)
> g_ of Orange Bat reported a heap-based buffer overflow when opening mms
> streams.

just if someone picks this up for a cve id description.... it is not heap-based
buf stack-based.

cheers

------- Comment #8 From nion 2008-08-25 02:22:01 0000 ------- 
(In reply to comment #7)
> (In reply to comment #0)
> > g_ of Orange Bat reported a heap-based buffer overflow when opening mms
> > streams.
> 
> just if someone picks this up for a cve id description.... it is not heap-based
> buf stack-based.

s/buf/but/ :)

------- Comment #9 From Markus Meier 2008-08-25 17:01:11 0000 ------- 
amd64/x86 stable

------- Comment #10 From Tobias Scherbaum 2008-08-25 18:27:09 0000 ------- 
ppc stable and ready for glsa

------- Comment #11 From Pierre-Yves Rofes 2008-08-25 18:39:45 0000 ------- 
(In reply to comment #10)
> ppc stable and ready for glsa
> 

thanks, request filed.

------- Comment #12 From Robert Buchholz 2008-08-29 14:35:41 0000 ------- 
CVE-2008-3794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3794):
  Integer signedness error in the mms_ReceiveCommand function in
  modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers
  to execute arbitrary code via a crafted mmst link with a negative size value,
  which bypasses a size check and triggers an integer overflow followed by a
  stack-based buffer overflow.

------- Comment #13 From Pierre-Yves Rofes 2008-09-07 19:31:23 0000 ------- 
GLSA 200809-06
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug