Executive Summary
Summary | |
---|---|
Title | New vlc packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-1819 | First vendor Publication | 2009-06-18 |
Vendor | Debian | Last vendor Modification | 2009-06-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2008-1768: Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code.
- CVE-2008-1769: Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file.
- CVE-2008-1881: Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file.
- CVE-2008-2147: It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations.
- CVE-2008-2430: Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk.
- CVE-2008-3794: Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link.
- CVE-2008-4686: Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file.
- CVE-2008-5032: Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header.

For the oldstable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch3.

For the stable distribution (lenny), these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 0.8.6.h-5.

We recommend that you upgrade your vlc packages.
Original Source
Url : http://www.debian.org/security/2009/dsa-1819 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
38 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-399 | Resource Management Errors |
12 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13455 | |||
Oval ID: | oval:org.mitre.oval:def:13455 | ||
Title: | DSA-1819-1 vlc -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. CVE-2008-1769 Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. CVE-2008-1881 Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. CVE-2008-2147 It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. CVE-2008-2430 Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. CVE-2008-3794 Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. CVE-2008-4686 Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. CVE-2008-5032 Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. For the oldstable distribution, these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch3. For the stable distribution, these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release. For the testing distribution and the unstable distribution, these problems have been fixed in version 0.8.6.h-5. We recommend that you upgrade your vlc packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1819-1 CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vlc |
Definition Id: oval:org.mitre.oval:def:14344 | |||
Oval ID: | oval:org.mitre.oval:def:14344 | ||
Title: | Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows | ||
Description: | Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2430 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14412 | |||
Oval ID: | oval:org.mitre.oval:def:14412 | ||
Title: | Multiple integer overflows in VLC before 0.8.6f allow remote denial of service | ||
Description: | Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1768 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14445 | |||
Oval ID: | oval:org.mitre.oval:def:14445 | ||
Title: | Denial of service vulnerability in VLC before 0.8.6f | ||
Description: | VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1769 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14531 | |||
Oval ID: | oval:org.mitre.oval:def:14531 | ||
Title: | Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i | ||
Description: | Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3794 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14630 | |||
Oval ID: | oval:org.mitre.oval:def:14630 | ||
Title: | Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player | ||
Description: | Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4686 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14769 | |||
Oval ID: | oval:org.mitre.oval:def:14769 | ||
Title: | DEPRECATED: Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 | ||
Description: | Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2430 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14798 | |||
Oval ID: | oval:org.mitre.oval:def:14798 | ||
Title: | Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 | ||
Description: | Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-5032 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14872 | |||
Oval ID: | oval:org.mitre.oval:def:14872 | ||
Title: | Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e | ||
Description: | Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1881 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:8254 | |||
Oval ID: | oval:org.mitre.oval:def:8254 | ||
Title: | DSA-1819 vlc -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1819 CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vlc |
OpenVAS Exploits
Date | Description |
---|---|
2009-06-23 | Name : Debian Security Advisory DSA 1819-1 (vlc) File : nvt/deb_1819_1.nasl |
2008-12-29 | Name : Gentoo Security Advisory GLSA 200812-24 (vlc) File : nvt/glsa_200812_24.nasl |
2008-11-19 | Name : FreeBSD Ports: vlc File : nvt/freebsd_vlc0.nasl |
2008-11-14 | Name : VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux) File : nvt/gb_vlc_media_player_mult_bof_vuln_nov08_lin.nasl |
2008-11-14 | Name : VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Win) File : nvt/gb_vlc_media_player_mult_bof_vuln_nov08_win.nasl |
2008-10-22 | Name : VLC Media Player TY Processing BOF Vulnerability (Linux) File : nvt/gb_vlc_media_player_ty_bof_vuln_lin.nasl |
2008-10-22 | Name : VLC Media Player TY Processing Buffer Overflow Vulnerability (Win) File : nvt/gb_vlc_media_player_ty_bof_vuln_win.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-25 (vlc) File : nvt/glsa_200804_25.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-13 (vlc) File : nvt/glsa_200807_13.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200809-06 (vlc) File : nvt/glsa_200809_06.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
49808 | VLC Media Player CUE Demuxer Image File Handling Overflow A remote overflow exists in VideoLAN VLC Media Player. The media player fails to properly bounds check CUE Demuxer images resulting in a stack overflow. With a specially crafted image, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
49453 | VLC Media Player TY Demux Plugin ty.c Crafted TY File Handling Overflow |
47836 | VLC Media Player modules/access/mms/mmstu.c mms_ReceiveCommand Function Remot... |
46660 | VLC Media Player modules/demux/wav.c Open() Function Crafted WAV File Handlin... |
45187 | VLC modules / plugins Subdirectory Search Path Subversion Local Privilege Esc... |
44718 | VLC Cinepak Codec Remote Overflow DoS |
44717 | VLC MP4 Demuxer Remote Overflow DoS |
44716 | VLC Real Demuxer Remote Overflow DoS |
44578 | VLC Crafted Cinepak File Memory Corruption DoS |
44461 | VLC ParseSSA function (modules/demux/subtitle.c) SSA File Handling Remote Ove... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | VideoLAN VLC Media Player WAV processing integer overflow attempt RuleID : 15080 - Revision : 13 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-06-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1819.nasl - Type : ACT_GATHER_INFO |
2008-12-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-24.nasl - Type : ACT_GATHER_INFO |
2008-11-10 | Name : The remote Windows host contains an application that is affected by multiple ... File : vlc_0_9_6.nasl - Type : ACT_GATHER_INFO |
2008-11-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4b09378eaddb11dda5780030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-09-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200809-06.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-13.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Windows host contains an application that is affected by an intege... File : vlc_0_8_6i.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-25.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:28:33 |