Executive Summary
Summary | |
---|---|
Title | New vlc packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-1543 | First vendor Publication | 2008-04-09 |
Vendor | Debian | Last vendor Modification | 2008-04-09 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.

The Common Vulnerabilities and Exposures project identifies the following eight problems:

- CVE-2007-6681: A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file.
- CVE-2007-6682: A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code.
- CVE-2007-6683: Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened.
- CVE-2008-0295, CVE-2008-0296: Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously crafted RTSP stream is played.
- CVE-2008-0073: Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream.
- CVE-2008-0984: Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously crafted MP4 file is opened.
- CVE-2008-1489: An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously crafted MP4 file is opened.

For the stable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch2.

For the unstable distribution (sid), these problems have been fixed in version 0.6.8.e-2.

We recommend that you upgrade your vlc packages.
Original Source
Url : http://www.debian.org/security/2008/dsa-1543 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
17 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14334 | |||
Oval ID: | oval:org.mitre.oval:def:14334 | ||
Title: | Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d | ||
Description: | Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6681 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14597 | |||
Oval ID: | oval:org.mitre.oval:def:14597 | ||
Title: | Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows | ||
Description: | Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0296 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14619 | |||
Oval ID: | oval:org.mitre.oval:def:14619 | ||
Title: | The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files | ||
Description: | The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6683 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14776 | |||
Oval ID: | oval:org.mitre.oval:def:14776 | ||
Title: | Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier | ||
Description: | Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0295 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14790 | |||
Oval ID: | oval:org.mitre.oval:def:14790 | ||
Title: | Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d | ||
Description: | Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6682 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14841 | |||
Oval ID: | oval:org.mitre.oval:def:14841 | ||
Title: | Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e | ||
Description: | Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1489 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:18478 | |||
Oval ID: | oval:org.mitre.oval:def:18478 | ||
Title: | DSA-1543-1 vlc - several vulnerabilities | ||
Description: | Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1543-1 CVE-2007-6681 CVE-2007-6682 CVE-2007-6683 CVE-2008-0295 CVE-2008-0296 CVE-2008-0073 CVE-2008-0984 CVE-2008-1489 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vlc |
Definition Id: oval:org.mitre.oval:def:26439 | |||
Oval ID: | oval:org.mitre.oval:def:26439 | ||
Title: | Memory corruption vulnerability in MP4 demuxer (mp4.c) for VLC media player via a malformed MP4 file | ||
Description: | The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0984 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:7830 | |||
Oval ID: | oval:org.mitre.oval:def:7830 | ||
Title: | DSA-1543 vlc -- several vulnerabilities | ||
Description: | Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc. The Common Vulnerabilities and Exposures project identifies the following eight problems: A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file. A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code. Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened. Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously crafted RTSP stream is played. Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream. Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously crafted MP4 file is opened. An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously crafted MP4 file is opened. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1543 CVE-2007-6681 CVE-2007-6682 CVE-2007-6683 CVE-2008-0295 CVE-2008-0296 CVE-2008-0073 CVE-2008-0984 CVE-2008-1489 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vlc |
ExploitDB Exploits
id | Description |
---|---|
2008-05-23 | VLC 0.8.6d SSA Parsing Double Sh311 Universal Exploit |
2008-04-28 | VLC 0.8.6d - httpd_FileCallBack Remote Format String Exploit |
2008-03-25 | MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:178 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_178.nasl |
2009-04-09 | Name : Mandriva Update for mplayer MDVSA-2008:219 (mplayer) File : nvt/gb_mandriva_MDVSA_2008_219.nasl |
2009-03-23 | Name : Ubuntu Update for xine-lib vulnerabilities USN-635-1 File : nvt/gb_ubuntu_USN_635_1.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-7572 File : nvt/gb_fedora_2008_7572_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-2569 File : nvt/gb_fedora_2008_2569_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-2945 File : nvt/gb_fedora_2008_2945_xine-lib_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-13 (vlc) File : nvt/glsa_200803_13.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-25 (vlc) File : nvt/glsa_200804_25.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-01 (xine-lib) File : nvt/glsa_200808_01.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1543-1 (vlc) File : nvt/deb_1543_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1536-1 (xine-lib) File : nvt/deb_1536_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-089-03 xine-lib File : nvt/esoft_slk_ssa_2008_089_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43702 | VLC Media Player libmp4.c MP4_ReadBox_rdrf() Function MP4 RDRF Box Handling O... |
43436 | xine-lib sdpplin_parse() Function Array Indexing |
43002 | VLC Media Player MP4 Demuxer (mp4.c) Arbitrary Memory Overwrite |
42208 | VLC Media Player network/httpd.c httpd_FileCallBack Function Connection Param... |
42207 | VLC Media Player modules/demux/subtitle.c Multiple File Format subtitle Handl... |
42206 | VLC Media Player Browser Plug-in MP3 File EXTVLCOPT Statement Arbitrary File ... |
42205 | VLC Media Player Browser Plug-in Playlist Filename :demuxdump-file Option Arb... |
42194 | Xine Library modules/access/rtsp/real_sdpplin.c SDP Data Handling Overflow |
42193 | VLC Media Player on Windows RTSP Data Handling Unspecified Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | VideoLAN vlc player subtitle buffer overflow attempt RuleID : 18744 - Revision : 9 - Type : FILE-MULTIMEDIA |
2014-01-10 | VLC player web interface format string attack RuleID : 18743 - Revision : 8 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-178.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-219.nasl - Type : ACT_GATHER_INFO |
2008-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-635-1.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-01.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-25.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1543.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2945.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Windows host contains a media player that is affected by several v... File : vlc_0_8_6f.nasl - Type : ACT_GATHER_INFO |
2008-04-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1536.nasl - Type : ACT_GATHER_INFO |
2008-04-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5116.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-089-03.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5113.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2569.nasl - Type : ACT_GATHER_INFO |
2008-03-21 | Name : The remote VLC web server is affected by a format string vulnerability. File : vlc_0_8_6d_format_string.nasl - Type : ACT_DENIAL |
2008-03-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-13.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:27:31 | |