FreeBSD : mplayer heap overflow in http requests (5e7f58c3-b3f8-4258-aeb8-795e5e940ff8)

high Nessus Plugin ID 12581

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A remotely exploitable heap buffer overflow vulnerability was found in MPlayer's URL decoding code. If an attacker can cause MPlayer to visit a specially crafted URL, arbitrary code execution with the privileges of the user running MPlayer may occur. A "visit" might be caused by social engineering, or a malicious web server could use HTTP redirects which MPlayer would then process.

Solution

Update the affected packages.

See Also

http://www.mplayerhq.hu/homepage/design6/news.html

https://marc.info/?l=bugtraq&m=108066964709058

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=64974

http://www.nessus.org/u?a950ab32

Plugin Details

Severity: High

ID: 12581

File Name: freebsd_mplayer_0921.nasl

Version: 1.14

Type: local

Published: 7/6/2004

Updated: 11/20/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mplayer, p-cpe:/a:freebsd:freebsd:mplayer-esound, p-cpe:/a:freebsd:freebsd:mplayer-gtk, p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/31/2004

Vulnerability Publication Date: 3/30/2004