Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 159727 - media-video/mplayer: 1.0rc1 security issue
Summary: media-video/mplayer: 1.0rc1 security issue
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa] Falco
: 159990 164340 (view as bug list)
Depends on:
Blocks: 166476
  Show dependency tree
Reported: 2007-01-02 08:39 UTC by Jonathan Smith (RETIRED)
Modified: 2011-10-30 22:40 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Smith (RETIRED) gentoo-dev 2007-01-02 08:39:04 UTC
quoting from

The code mentioned in DSA 1244-1 is also included in MPlayer. A potential buffer overflow was found in the code used to handle RealMedia RTSP streams. When checking for matching asm rules, the code stores the results in a fixed-size array, but no boundary checks are performed. This may lead to a buffer overflow if the user is tricked into connecting to a malicious server. Since the attacker can not write arbitrary data into the buffer, creating an exploit is very hard; but a DoS attack is easily made.

High (DoS and eventually arbitrary remote code execution under the user ID running the player) when setting up a RTSP session from a malicious server, null if you do not use this feature. At the time the buffer overflow was fixed there was no known exploit.

A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c, stream/realrtsp/asmrp.h and stream/realrtsp/real.c. Users of affected MPlayer versions should download a patch for MPlayer 1.0rc1 or update to the latest version if they're using SVN.
Comment 1 Raúl Porcel (RETIRED) gentoo-dev 2007-01-04 09:35:46 UTC
*** Bug 159990 has been marked as a duplicate of this bug. ***
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-01-04 13:14:56 UTC
OK thanks Jonathan.

Do you know if 1.0_pre8 is affected too?

Comment 3 Jonathan Smith (RETIRED) gentoo-dev 2007-01-04 13:19:04 UTC
I have no first hand knowledge of whether pre8 is affected, but I would assume it is. rc1 is already stable on some arches, however, and it would make sense to me to stablize rc1+fix on all arches.
Comment 4 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-26 12:53:27 UTC
media-video, pls provide an updated ebuild including the patch
Comment 5 Steve Dibb (RETIRED) gentoo-dev 2007-01-30 15:26:59 UTC
Added mplayer-1.0_rc1-r2 to the tree with included patch
Comment 6 Daniel Pay 2007-02-01 13:31:49 UTC
*** Bug 164340 has been marked as a duplicate of this bug. ***
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-10 21:21:28 UTC
Hi arches, please test and mark stable mplayer-1.0_rc1-r2 if appropriate, thanks
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2007-02-11 09:58:04 UTC
x86 stable
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2007-02-11 11:11:39 UTC
ppc stable
Comment 10 René Nussbaumer (RETIRED) gentoo-dev 2007-02-11 21:56:54 UTC
stable on hppa
Comment 11 Simon Stelling (RETIRED) gentoo-dev 2007-02-11 23:59:26 UTC
amd64 stable
Comment 12 Gustavo Zacarias (RETIRED) gentoo-dev 2007-02-12 12:59:28 UTC
sparc stable.
Comment 13 Bryan Østergaard (RETIRED) gentoo-dev 2007-02-12 21:18:30 UTC
Stable on IA64.
Comment 14 Bryan Østergaard (RETIRED) gentoo-dev 2007-02-12 22:16:15 UTC
Stable on Alpha.
Comment 15 Markus Rothe (RETIRED) gentoo-dev 2007-02-13 09:02:16 UTC
ppc64 stable
Comment 16 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-27 15:57:40 UTC
GLSA 200702-11 , sorry for the delay