Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

Updated packages have been patched to correct this issue.

The remote host is affected by the vulnerability described in GLSA-200702-11 (MPlayer: Buffer overflow)

    When checking for matching asm rules in the asmrp.c code, the results     are stored in a fixed-size array without boundary checks which may     allow a buffer overflow.
  Impact :

    An attacker can entice a user to connect to a manipulated RTSP server     resulting in a Denial of Service and possibly execution of arbitrary     code.
  Workaround :

    There is no known workaround at this time.

New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues.

A potential buffer overflow was found in the code used to handle RealMedia RTSP streams. When checking for matching asm rules, the code stores the results in a fixed-size array, but no boundary checks are performed. This may lead to a buffer overflow if the user is tricked into connecting to a malicious server. Since the attacker cannot write arbitrary data into the buffer, creating an exploit is very hard; but a DoS attack is easily made. A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c, stream/realrtsp/asmrp.h and stream/realrtsp/real.c.

It was discovered that the Xine multimedia library performs insufficient sanitising of Real streams, which might lead to the execution of arbitrary code through a buffer overflow.

The remote host is affected by the vulnerability described in GLSA-200612-02 (xine-lib: Buffer overflow)

    A possible buffer overflow has been reported in the Real Media input     plugin.
  Impact :

    An attacker could exploit this vulnerability by enticing a user into     loading a specially crafted stream with xine or an application using     xine-lib. This can lead to a Denial of Service and possibly the     execution of arbitrary code with the rights of the user running the     application.
  Workaround :

    There is no known workaround at this time.

The libxine development team reports that several vulnerabilities had been found in the libxine library. The first vulnerability is caused by improper checking of the src/input/libreal/real.c 'real_parse_sdp()' function. A remote attacker could exploit this by tricking an user to connect to a preparated server potentially causing a buffer overflow. Another buffer overflow had been found in the libmms library, potentially allowing a remote attacker to cause a denial of service vulnerability, and possible remote code execution through the following functions: send_command, string_utf16, get_data and get_media_packets. Other functions might be affected as well.

ID	Name	Product	Family	Severity
27977	Ubuntu 5.10 / 6.06 LTS / 6.10 : xine-lib vulnerability (USN-392-1)	Nessus	Ubuntu Local Security Checks	high
25430	Mandrake Linux Security Advisory : mplayer (MDKSA-2007:112)	Nessus	Mandriva Local Security Checks	high
24731	GLSA-200702-11 : MPlayer: Buffer overflow	Nessus	Gentoo Local Security Checks	high
24665	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 9.1 : xine-lib (SSA:2006-357-05)	Nessus	Slackware Local Security Checks	high
24608	Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:224)	Nessus	Mandriva Local Security Checks	high
24007	FreeBSD : mplayer -- buffer overflow in the code for RealMedia RTSP streams. (b2ff68b2-9f29-11db-a4e4-0211d87675b7)	Nessus	FreeBSD Local Security Checks	high
23949	Debian DSA-1244-1 : xine-lib - buffer overflow	Nessus	Debian Local Security Checks	high
23796	GLSA-200612-02 : xine-lib: Buffer overflow	Nessus	Gentoo Local Security Checks	high
23793	FreeBSD : libxine -- multiple buffer overflow vulnerabilities (1b043693-8617-11db-93b2-000e35248ad7)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2006-6172

critical

Tenable Plugins

high

high

high

high

high

high

high

high

high