Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 281522 - media-video/vlc Stack-based buffer overflows via smb:// URLs
Summary: media-video/vlc Stack-based buffer overflows via smb:// URLs
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: B2 [
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-14 23:26 UTC by Alex Legler (RETIRED)
Modified: 2013-07-08 22:42 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-14 23:26:31 UTC
Filing as Unconfirmed for now, needs verification:

http://www.milw0rm.com/exploits/9427
# VLC Media Player 1.0.0\1.0.1 smb:// URI Handling Remote Stack Overflow PoC
# Found By:	Dr_IDE
# Tested:	Windows XP SP2 , XP SP3 and Windows 7 RC1
# Thanks:	Pankaj Kohli for finding this in 0.8.6f
# Original:	http://www.milw0rm.com/exploits/9303

http://www.milw0rm.com/exploits/9439
# VLC Media Player 1.0.0\1.0.1 smb:// URI Handling Remote Stack Overflow
# Xpl By   : Mountassif Moad
# Thanks   : His0ka - Simo-soft - v4 Team
# Original : http://www.milw0rm.com/exploits/9427
Comment 1 Petr Gregor 2009-09-13 07:46:29 UTC
I tried to reproduce it with vlc 1.0.1. Only got regular error message.

ERROR: string overflow by 1 (1024 - 1023) in safe_strcpy [smb://example.com@www.example.com/foo/#{AABBBBCCCC]

So I guess it doesn't work.
Comment 2 Chris Reffett gentoo-dev Security 2013-07-08 22:42:07 UTC
CVE-2009-2484 indicates that there was such a vulnerability, but it was limited to Windows. Also very obsolete regardless, fixed since June 2009.