
Bug 235589 (CVE-2008-3794)

Summary: media-video/vlc <0.8.6i-r2 MMS Stack-based buffer overflow (CVE-2008-3794)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: media-video
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.orange-bat.com/adv/2008/adv.08.24.txt
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 235238

Description Robert Buchholz (RETIRED) gentoo-dev 2008-08-24 02:26:24 UTC
g_ of Orange Bat reported a heap-based buffer overflow when opening mms streams.

Alexis / media-video, as we had an issue with upstream becoming aware of bugs by this researcher, please contact them to make sure.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-08-24 10:26:24 UTC
patch committed:
http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html
Comment 2 Alexis Ballier gentoo-dev 2008-08-24 13:39:29 UTC
(In reply to comment #1)
> patch committed:
> http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html
> 

applied in r2
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-08-24 13:44:33 UTC
Thanks for bumping so fast.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-08-24 13:45:42 UTC
Arches, please test and mark stable:
=media-video/vlc-0.8.6i-r2
Target keywords : "alpha amd64 ppc sparc x86"
Comment 5 Friedrich Oslage (RETIRED) gentoo-dev 2008-08-24 14:50:29 UTC
sparc stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2008-08-24 19:33:23 UTC
Stable on alpha.
Comment 7 nion 2008-08-25 02:21:23 UTC
(In reply to comment #0)
> g_ of Orange Bat reported a heap-based buffer overflow when opening mms
> streams.

just if someone picks this up for a cve id description.... it is not heap-based buf stack-based.

cheers
Comment 8 nion 2008-08-25 02:22:01 UTC
(In reply to comment #7)
> (In reply to comment #0)
> > g_ of Orange Bat reported a heap-based buffer overflow when opening mms
> > streams.
> 
> just if someone picks this up for a cve id description.... it is not heap-based
> buf stack-based.

s/buf/but/ :)
Comment 9 Markus Meier gentoo-dev 2008-08-25 17:01:11 UTC
amd64/x86 stable
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2008-08-25 18:27:09 UTC
ppc stable and ready for glsa
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-08-25 18:39:45 UTC
(In reply to comment #10)
> ppc stable and ready for glsa
> 

thanks, request filed.
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2008-08-29 14:35:41 UTC
CVE-2008-3794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3794):
  Integer signedness error in the mms_ReceiveCommand function in
  modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers
  to execute arbitrary code via a crafted mmst link with a negative size value,
  which bypasses a size check and triggers an integer overflow followed by a
  stack-based buffer overflow.
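
Added example, not part of the bug thread and not VLC's mmstu.c code: a generic C illustration of the bug class the CVE description names, where a length field held in a signed type passes an upper-bound check while negative, shown beside a hardened check. The function names, the 64-byte limit and the header bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_MAX 64u /* constructed destination size, not VLC's */

/* Decode a little-endian 32-bit length field as it arrives on the wire. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed pattern: the length is held in a signed type and only its upper
 * bound is tested. Returns 1 if accepted; *copy_len is what a later
 * memcpy() would receive after the implicit conversion to size_t. */
static int flawed_check(const uint8_t *hdr, size_t *copy_len)
{
    int32_t size = (int32_t)read_le32(hdr); /* 0xffffffff becomes -1 */
    if (size > (int32_t)BUF_MAX)
        return 0;
    *copy_len = (size_t)size;               /* -1 becomes SIZE_MAX */
    return 1;
}

/* Hardened pattern: keep the length unsigned and bound it against both the
 * destination size and the bytes actually received (avail). */
static int hardened_check(const uint8_t *hdr, size_t avail, size_t *copy_len)
{
    uint32_t size = read_le32(hdr);
    if (size > BUF_MAX || size > avail)
        return 0;
    *copy_len = size;
    return 1;
}

int main(void)
{
    const uint8_t neg[4] = {0xff, 0xff, 0xff, 0xff}; /* constructed header */
    size_t n = 0;
    if (flawed_check(neg, &n))
        printf("flawed check accepted, copy length %zu\n", n);
    if (!hardened_check(neg, 4096, &n))
        printf("hardened check rejected the same header\n");
    return 0;
}
```

Compiler warnings such as `-Wsign-compare` and `-Wconversion` flag many instances of the flawed pattern at build time.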
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-07 19:31:23 UTC
GLSA 200809-06