[MPlayer-DOCS] CVS: homepage/src news.src.en,1.130,1.131

Diego Biurrun CVS syncmail at mplayerhq.hu
Thu Jul 1 16:12:14 CEST 2004


CVS change done by Diego Biurrun CVS

Update of /cvsroot/mplayer/homepage/src
In directory mail:/var2/tmp/cvs-serv320/src

Modified Files:
	news.src.en 
Log Message:
string handling security advisory


Index: news.src.en
===================================================================
RCS file: /cvsroot/mplayer/homepage/src/news.src.en,v
retrieving revision 1.130
retrieving revision 1.131
diff -u -r1.130 -r1.131
--- news.src.en	1 Jul 2004 13:50:11 -0000	1.130
+++ news.src.en	1 Jul 2004 14:12:12 -0000	1.131
@@ -4,6 +4,111 @@
 <!-- $Revision$ -->
 
 <h2>
+	<a name="vuln04">2004.07.01, Thursday :: remote buffer overflow vulnerabilities in the GUI code</a>
+	<br><span class="poster">posted by Diego</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+Multiple string vulnerabilities have been found and fixed in the MPlayer GUI
+code, at least one of which was remotely exploitable.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player) if
+using the GUI to play certain types of playlist files, none when using only the
+command line. The MPlayer GUI is optional and not built by default.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability with the known exploit was checked into MPlayer CVS
+on Wed, 2 June 2004 12:40:41 +0000 (UTC). The result of a thorough code audit
+that uncovered further potentially exploitable bugs was checked into MPlayer CVS
+on Fri, 25 June 2004 16:49:52 +0000 (UTC). All of this will be included in MPlayer
+1.0pre5.  Users of affected MPlayer versions should upgrade to latest CVS or MPlayer 1.0pre5
+once it becomes available. Alternatively a patch for the
+<a href="../../MPlayer/patches/vuln04-fix.diff">main</a> and
+<a href="../../MPlayer/patches/vuln04-0_90-fix.diff">0_90</a>
+MPlayer CVS versions is available that can be applied to the MPlayer source
+tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre4 and beforey<br>
+MPlayer 0.92.1 and before
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+none
+</p>
+
+
+<h3>History</h3>
+
+<p>
+On Tue, 1 June 2004 MPlayer developers were contacted by
+<a href="mailto:c0ntex at open-security.org">c0ntex</a> who had found a string
+handling vulnerability in the MPlayer GUI code complete with an example
+exploit and a preliminary fix. That fix was checked into MPlayer CVS on
+Wed, 2 June 2004 12:40:41 +0000 (UTC).
+</p>
+
+<p>
+When playing certain types of playlist files with extremely long entries a
+buffer overflow error occurs. This allows an attacker to overwrite memory with
+specially crafted playlist files and execute arbitrary code under the user ID
+running MPlayer.
+</p>
+
+<p>
+Richard Felker started a general audit of the GUI code for further string
+handling problems and uncovered a host of potential bugs, some of which were
+probably exploitable. Nicholas Kain proceeded to do a full audit of the MPlayer
+code for insecure string handling, which was finished by Alexander Strasser.
+The result of this audit was checked into MPlayer CVS on
+Fri, 25 June 2004 16:49:52 +0000 (UTC).
+</p>
+
+<p>
+Since the first quick review of the GUI code immediately revealed several
+potentially exploitable bugs we have refrained from publishing this advisory
+until a thorough audit of the whole code was finished.
+</p>
+
+<p>
+On Thu, 1 July 2004 11:22:29 (UTC) a simple port of the fixes was committed to
+the 0_90 stable MPlayer source tree. This was done without a further audit of
+the 0_90 code base due to lack of resources. We have therefore dropped further
+support of the 0_90 tree and recommend upgrading to MPlayer 1.0pre5 or latest
+CVS.
+</p>
+
+<h3>Download</h3>
+
+<p>
+MPlayer 1.0pre5, 0.93 and CVS snapshots can be downloaded from the MPlayer homepage or one of its many
+mirrors as soon as they become available. Go to the
+<a href="dload.html">MPlayer download page</a>
+to get MPlayer 1.0pre5 source code or a CVS snapshot.
+</p>
+
+
+
+
+
+
+<h2>
 	<a name="linuxtag2004">2004.06.25, Friday :: MPlayer name change</a>
 	<br><span class="poster">posted by Diego</span>
 </h2>
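Review bot: The "Affected versions" paragraph has a typo, "MPlayer 1.0pre4 and beforey<br>", which should read "before". The Download paragraph names a 0.93 release that the Solution and History sections never mention: they recommend only 1.0pre5 or latest CVS and state that support for the 0_90 tree is dropped, so either explain in Solution what 0.93 contains or remove it from Download. "Unaffected versions: none" also reads oddly beside the statement that the audit result has been in CVS since 25 June; consider listing CVS after that date there. The summary and headline speak only of the GUI code, while History says the audit covered the whole MPlayer code for insecure string handling; one sentence stating whether any non-GUI fixes are security relevant would remove the ambiguity with the "none when using only the command line" severity claim. The six blank added lines before the next <h2> can be trimmed.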



