Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title VLC: Multiple vulnerabilities
Informations
Name GLSA-200812-24 First vendor Publication 2008-12-24
Vendor Gentoo Last vendor Modification 2008-12-24
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities in VLC may lead to the remote execution of arbitrary code.

Background

VLC is a cross-platform media player and streaming server.

Description

Tobias Klein reported the following vulnerabilities:

* A stack-based buffer overflow when processing CUE image files in modules/access/vcd/cdrom.c (CVE-2008-5032).

* A stack-based buffer overflow when processing RealText (.rt)
subtitle files in the ParseRealText() function in modules/demux/subtitle.c (CVE-2008-5036).

* An integer overflow when processing RealMedia (.rm) files in the ReadRealIndex() function in real.c in the Real demuxer plugin,
leading to a heap-based buffer overflow (CVE-2008-5276).

Impact

A remote attacker could entice a user to open a specially crafted CUE image file, RealMedia file or RealText subtitle file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All VLC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-0.9.8a"

References

[ 1 ] CVE-2008-5032 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5032
[ 2 ] CVE-2008-5036 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036
[ 3 ] CVE-2008-5276 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5276

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200812-24.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200812-24.xml

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13455
 
Oval ID: oval:org.mitre.oval:def:13455
Title: DSA-1819-1 vlc -- several vulnerabilities
Description: Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. CVE-2008-1769 Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. CVE-2008-1881 Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. CVE-2008-2147 It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. CVE-2008-2430 Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. CVE-2008-3794 Pınar YanardaÄ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. CVE-2008-4686 Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. CVE-2008-5032 Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. For the oldstable distribution, these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch3. For the stable distribution, these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release. For the testing distribution and the unstable distribution, these problems have been fixed in version 0.8.6.h-5. We recommend that you upgrade your vlc packages.
Family: unix Class: patch
Reference(s): DSA-1819-1
CVE-2008-1768
CVE-2008-1769
CVE-2008-1881
CVE-2008-2147
CVE-2008-2430
CVE-2008-3794
CVE-2008-4686
CVE-2008-5032
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): vlc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14329
 
Oval ID: oval:org.mitre.oval:def:14329
Title: Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6
Description: Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Family: windows Class: vulnerability
Reference(s): CVE-2008-5036
 Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): VLC Media Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14793
 
Oval ID: oval:org.mitre.oval:def:14793
Title: Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7
Description: Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2008-5276
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): VLC Media Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14798
 
Oval ID: oval:org.mitre.oval:def:14798
Title: Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5
Description: Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
Family: windows Class: vulnerability
Reference(s): CVE-2008-5032
 Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): VLC Media Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8254
 
Oval ID: oval:org.mitre.oval:def:8254
Title: DSA-1819 vlc -- several vulnerabilities
Description: Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. Pinar Yanarda discovered that it is possible to execute arbitrary code when opening a crafted mmst link. Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header.
Family: unix Class: patch
Reference(s): DSA-1819
CVE-2008-1768
CVE-2008-1769
CVE-2008-1881
CVE-2008-2147
CVE-2008-2430
CVE-2008-3794
CVE-2008-4686
CVE-2008-5032
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): vlc
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 39

SAINT Exploits

Description Link
VLC media player RealText subtitle file ParseRealText buffer overflow More info here

OpenVAS Exploits

Date Description
2009-06-23 Name : Debian Security Advisory DSA 1819-1 (vlc)
File : nvt/deb_1819_1.nasl
2008-12-29 Name : Gentoo Security Advisory GLSA 200812-24 (vlc)
File : nvt/glsa_200812_24.nasl
2008-12-10 Name : FreeBSD Ports: vlc-devel
File : nvt/freebsd_vlc-devel.nasl
2008-12-09 Name : VLC Media Player Buffer Overflow Vulnerability (Linux)
File : nvt/gb_vlc_media_player_intgr_bof_vuln_lin.nasl
2008-12-09 Name : VLC Media Player Buffer Overflow Vulnerability (Win)
File : nvt/gb_vlc_media_player_intgr_bof_vuln_win.nasl
2008-11-19 Name : FreeBSD Ports: vlc
File : nvt/freebsd_vlc0.nasl
2008-11-14 Name : VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)
File : nvt/gb_vlc_media_player_mult_bof_vuln_nov08_lin.nasl
2008-11-14 Name : VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Win)
File : nvt/gb_vlc_media_player_mult_bof_vuln_nov08_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50333 VLC Media Player modules/demux/real.c ReadRealIndex() Function Remote Overflow
49809 VLC Media Player RealText Demuxer Subtitle File Handling Overflow
49808 VLC Media Player CUE Demuxer Image File Handling Overflow

A remote overflow exists in VideoLAN VLC Media Player. The media player fails to properly bounds check CUE Demuxer images resulting in a stack overflow. With a specially crafted image, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt
RuleID : 15241 - Revision : 15 - Type : FILE-MULTIMEDIA
2014-01-10 VideoLAN VLC Media Player RealText buffer overflow attempt
RuleID : 15166 - Revision : 13 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

Date Description
2009-06-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1819.nasl - Type : ACT_GATHER_INFO
2008-12-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200812-24.nasl - Type : ACT_GATHER_INFO
2008-12-09 Name : The remote Windows host contains an application that is affected by an intege...
File : vlc_0_9_8a.nasl - Type : ACT_GATHER_INFO
2008-12-08 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_acf80afac3ef11dda7210030843d3802.nasl - Type : ACT_GATHER_INFO
2008-11-10 Name : The remote Windows host contains an application that is affected by multiple ...
File : vlc_0_9_6.nasl - Type : ACT_GATHER_INFO
2008-11-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4b09378eaddb11dda5780030843d3802.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:36:13
  • Multiple Updates