[MPlayer-DOCS] [homepage]: r2768 - trunk/src/news.src.en

rtogni subversion at mplayerhq.hu
Sun Dec 31 14:44:01 CET 2006


Author: rtogni
Date: Sun Dec 31 14:44:01 2006
New Revision: 2768

Modified:
   trunk/src/news.src.en

Log:
Advisory for buffer overflow in asmrp.c


Modified: trunk/src/news.src.en
==============================================================================
--- trunk/src/news.src.en	(original)
+++ trunk/src/news.src.en	Sun Dec 31 14:44:01 2006
@@ -8,6 +8,79 @@
 <div class="newsentry">
 
 <h2>
+	<a name="vuln14">2006.12.31, Sunday :: buffer overflow in asmrp.c</a>
+	<br><span class="poster">posted by Roberto</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+The code mentioned in
+<a href="http://www.debian.org/security/2006/dsa-1244">DSA 1244-1</a>
+is also included in MPlayer.
+A potential buffer overflow was found in the code used to handle RealMedia RTSP
+streams. When checking for matching asm rules, the code stores the results in
+a fixed-size array, but no boundary checks are performed. This may lead to a
+buffer overflow if the user is tricked into connecting to a malicious server.
+Since the attacker can not write arbitrary data into the buffer, creating an
+exploit is very hard; but a DoS attack is easily made.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (DoS and eventually arbitrary remote code execution under the user ID
+running the player) when setting up a RTSP session from a malicious server,
+null if you do not use this feature.
+At the time the buffer overflow was fixed there was no known exploit.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC
+as r21799. The fix involves three files:
+<a href="http://svn.mplayerhq.hu/mplayer/trunk/stream/realrtsp/asmrp.c?r1=20717&r2=21799">stream/realrtsp/asmrp.c</a>,
+<a href="http://svn.mplayerhq.hu/mplayer/trunk/stream/realrtsp/asmrp.h?r1=19277&r2=21799">stream/realrtsp/asmrp.h</a> and
+<a href="http://svn.mplayerhq.hu/mplayer/trunk/stream/realrtsp/real.c?r1=21523&r2=21799">stream/realrtsp/real.c</a>.
+Users of affected MPlayer versions should download a
+<a href="http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff">patch</a>
+for MPlayer 1.0rc1 or update to the latest version if they're using SVN.
+</p>
+
+<p>
+Please note that we are not releasing an updated tarball with this fix at this
+moment, since MPlayer 1.0rc2 is alredy in process.<br>
+If you need to stay with 1.0rc1, get the MPlayer 1.0rc1 tarball,
+apply the patch with the fix and recompile MPlayer; else upgrade to SVN.<br>
+If you mantain a binary package for MPlayer, please name the updated version
+MPlayer 1.0rc1try2.
+</p>
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0rc1 and SVN before r21799 (Sun Dec 31 13:27:53 2006 UTC).
+Older versions are probably affected, too, but they were not checked.
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+SVN HEAD after r21799 (Sun Dec 31 13:27:53 2006 UTC)<br>
+MPlayer 1.0rc1 + security patch
+</p>
+
+<h4>Happy new year from MPlayer team.</h4>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
 	<a name="mplayer10rc1">2006.10.22, Sunday :: MPlayer 1.0rc1 released</a>
 	<br><span class="poster">posted by the release team</span>
 </h2>
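
Review bot: The "Affected versions" and "Unaffected versions" paragraphs leave r21799 itself unclassified: affected is "SVN before r21799" and unaffected is "SVN HEAD after r21799", while the Solution paragraph says the fix was committed as r21799. Wording the unaffected entry as "SVN r21799 and later" would close the gap. In the Solution paragraph, the three svn.mplayerhq.hu hrefs carry a raw "&" before "r2="; inside an HTML attribute value that should be written as "&amp;". The same section has two typos, "alredy" (already) and "mantain" (maintain). In Severity, "eventually arbitrary remote code execution" reads as if code execution follows given enough time; "possibly" would match the Summary's statement that creating an exploit is very hard.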


