Summary: | media-video/mplayer (all versions >=0.60pre1) Exploitable remote buffer overflow vulnerability in the HTTP parser | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> |
Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | andreas.w.simon, flash3001, jay, media-video, security, svein |
Priority: | Highest | Keywords: | SECURITY |
Version: | unspecified | Flags: | klieber:
Pending-
|
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.mplayerhq.hu/ | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Lars Wendler (Polynomial-C) (RETIRED)
2004-03-30 08:14:27 UTC
media-video herd -- please review/comment/patch as appropriate. more info: http://www.mplayerhq.hu/homepage/design6/news.html 2004.03.30, Tuesday :: Exploitable remote buffer overflow vulnerability in the HTTP parser posted by Gabucino Severity: HIGH (if playing HTTP streaming content) LOW (if playing only normal files) Description: A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header. MPlayer versions affected: MPlayer 0.90pre series MPlayer 0.90rc series MPlayer 0.90 MPlayer 0.91 MPlayer 1.0pre1 MPlayer 1.0pre2 MPlayer 1.0pre3 MPlayer versions unaffected: MPlayer releases before 0.60pre1 MPlayer 0.92.1 MPlayer 1.0pre3try2 MPlayer 0_92 CVS MPlayer HEAD CVS ... Patch availability: A patch is available for all vulnerable versions here. http://www.mplayerhq.hu/MPlayer/patches/vuln02-fix.diff Someone who was afraid to comment on this bug :-) gave the following links: http://seclists.org/lists/bugtraq/2004/Mar/0323.html http://seclists.org/lists/bugtraq/2004/Mar/0326.html Patrick -- can you please re-assign this back to security@gentoo.org once you've got things patched? Otherwise, we risk losing track of it. Thanks. AMD64, PPC: please test mplayer-1.0_pre3-r5 and mark stable ignore my previous testing request. I didn't properly understand how Patrick patched things. GLSA forthcoming. GLSA 200403-13 *** Bug 46346 has been marked as a duplicate of this bug. *** |