[MPlayer-DOCS] CVS: homepage/src news.src.en,1.194,1.195

Roberto Togni CVS syncmail at mplayerhq.hu
Sat Apr 16 01:39:10 CEST 2005


CVS change done by Roberto Togni CVS

Update of /cvsroot/mplayer/homepage/src
In directory mail:/var2/tmp/cvs-serv1236

Modified Files:
	news.src.en 
Log Message:
Newsentries for rtsp and mmst security update


Index: news.src.en
===================================================================
RCS file: /cvsroot/mplayer/homepage/src/news.src.en,v
retrieving revision 1.194
retrieving revision 1.195
diff -u -r1.194 -r1.195
--- news.src.en	11 Apr 2005 19:15:00 -0000	1.194
+++ news.src.en	15 Apr 2005 23:39:08 -0000	1.195
@@ -3,6 +3,130 @@
 
 <!-- $Revision$ -->
 
+<div class="newsentry">
+
+<h2>
+	<a name="vuln11">2005.04.16, Saturday :: MMST heap overflow</a>
+	<br><span class="poster">posted by Roberto</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+A potential buffer overflow was found and fixed in code used to handle
+MMST streams.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when streaming MMS/TCP data from a malicious server, null if you do not use
+this feature.
+At this time there is no known exploit.
+</p>
+
+<h3>Description</h3>
+
+<p>
+While enumerating streams from a server, MMST code stores stream IDs in a
+fixed length array, but there is no check to stop the process if too many
+stream IDs are received. A malicious server could announce more than 20
+streams and overflow the array.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Fri Apr 15 23:31:57 2005 UTC. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/mmst_fix_20050415.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre6 and before (including pre6a)
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre7 and after<br>
+CVS HEAD after Fri Apr 15 23:31:57 2005 UTC
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+	<a name="vuln10">2005.04.16, Saturday :: Real RTSP heap overflow</a>
+	<br><span class="poster">posted by Roberto</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+A potential buffer overflow was found and fixed in code used to handle
+RealMedia RTSP streams.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when streaming RTSP data from a malicious server, null if you do not use
+this feature.
+At this time there is no known exploit.
+</p>
+
+<h3>Description</h3>
+
+<p>
+While getting lines from a server, Real RTSP code stores them in a fixed size
+array of MAX_FIELDS elements, but there is no check to stop the process if
+too many lines are received. A malicious server could send more than
+MAX_FIELDS lines and overflow the array. Since the array holds pointers to
+answer strings, an attacker cannot write arbitrary data into it, making an
+exploit more difficult.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for the vulnerability was checked into MPlayer CVS on
+Fri Apr 15 23:30:44 2005 UTC. Users of affected MPlayer
+versions should upgrade to an unaffected MPlayer version. Alternatively a
+<a href="../../MPlayer/patches/rtsp_fix_20050415.diff">patch</a>
+is available that can be applied to the MPlayer source tree.
+</p>
+
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0pre6 and before (including pre6a)
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+MPlayer 1.0pre7 and after<br>
+CVS HEAD after Fri Apr 15 23:30:44 2005 UTC
+</p>
+
+</div>
+
+
+
 <h1>News</h1>
 
 <div class="newsentry">
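
Review bot: Both headings (vuln11, vuln10) say "heap overflow", but the Summary and Description paragraphs only speak of a "buffer overflow" of a fixed-size array and never state where that array is allocated. Either say so in the Description or make the headings match the body. In both Severity paragraphs, "null if you do not use this feature" would read more clearly as "none if you do not use this feature". The MMST Description gives the limit as a literal ("more than 20 streams") while the RTSP Description names MAX_FIELDS without a value; giving both the constant name and its value in each entry would help readers who are checking their own source tree. The Solution paragraphs tell users to upgrade to an unaffected version, but the only ones listed are 1.0pre7 and CVS HEAD, so it is worth stating where a fixed release can be obtained, or pointing to the patch first.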



