FreeBSD : linux-realplayer -- RealText parsing heap overflow (95ee96f2-e488-11d9-bf22-080020c11455)

medium Nessus Plugin ID 19036

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

An iDEFENSE Security Advisory reports :

Remote exploitation of a heap-based buffer overflow vulnerability in the RealText file format parser within various versions of RealNetworks Inc.'s RealPlayer could allow attackers to execute arbitrary code.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?5c982015

https://www.real.com/

http://www.nessus.org/u?a0fa77ce

Plugin Details

Severity: Medium

ID: 19036

File Name: freebsd_pkg_95ee96f2e48811d9bf22080020c11455.nasl

Version: 1.24

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-realplayer, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/24/2005

Vulnerability Publication Date: 6/23/2005

Reference Information

CVE: CVE-2005-1766