Mandriva Linux Security Advisory : mplayer (MDVSA-2008:045)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Heap-based buffer overflow in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote
attackers to execute arbitrary code via the SDP Abstract attribute,
related to the rmff_dump_header function and to disregarding
the max field. Although originally a xine-lib issue, this also affects
MPlayer due to code similarity. (CVE-2008-0225)

Multiple heap-based buffer overflows in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to
execute arbitrary code via the SDP (1) Title, (2) Author, or (3)
Copyright attribute, related to the rmff_dump_header function. These
are different vectors than CVE-2008-0225. Although originally a xine-lib
issue, this also affects MPlayer due to code similarity. (CVE-2008-0238)

Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and
earlier might allow remote attackers to execute arbitrary code via a
QuickTime MOV file with a crafted stsc atom tag. (CVE-2008-0485)

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer
1.0rc2 and SVN before r25917, and possibly earlier versions, as used
in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary
code via a crafted FLAC tag, which triggers a buffer overflow.
(CVE-2008-0486)

Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before
r25824 allows remote user-assisted attackers to execute arbitrary code
via a CDDB database entry containing a long album title.
(CVE-2008-0629)

Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823
allows remote attackers to execute arbitrary code via a crafted URL
that prevents the IPv6 parsing code from setting a pointer to NULL,
which causes the buffer to be reused by the unescape code.
(CVE-2008-0630)

The updated packages have been patched to prevent these issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37405 (mandriva_MDVSA-2008-045.nasl)

Bugtraq ID:

CVE ID: CVE-2008-0225
CVE-2008-0238
CVE-2008-0485
CVE-2008-0486
CVE-2008-0629
CVE-2008-0630
