Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title MPlayer: Multiple vulnerabilities
Informations
Name GLSA-200901-07 First vendor Publication 2009-01-12
Vendor Gentoo Last vendor Modification 2009-01-12
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service.

Background

MPlayer is a media player including support for a wide range of audio and video formats.

Description

Multiple vulnerabilities have been reported in MPlayer:

* A stack-based buffer overflow was found in the str_read_packet()
function in libavformat/psxstr.c when processing crafted STR files that interleave audio and video sectors (CVE-2008-3162).

* Felipe Andres Manzano reported multiple integer underflows in the demux_real_fill_buffer() function in demux_real.c when processing crafted Real Media files that cause the stream_read() function to read or write arbitrary memory (CVE-2008-3827).

* Tobias Klein reported a stack-based buffer overflow in the demux_open_vqf() function in libmpdemux/demux_vqf.c when processing malformed TwinVQ files (CVE-2008-5616).

Impact

A remote attacker could entice a user to open a specially crafted STR, Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-video/mplayer-1.0_rc2_p28058-r1 "

References

[ 1 ] CVE-2008-3162 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3162
[ 2 ] CVE-2008-3827 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3827
[ 3 ] CVE-2008-5616 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200901-07.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200901-07.xml

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12883
 
Oval ID: oval:org.mitre.oval:def:12883
Title: DSA-1782-1 mplayer -- several vulnerabilities
Description: Several vulnerabilities have been discovered in mplayer, a movie player for Unix-like systems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0385 It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code. CVE-2008-4866 It was discovered that multiple buffer overflows could lead to the execution of arbitrary code. CVE-2008-5616 It was discovered that watching a malformed TwinVQ file could lead to the execution of arbitrary code. For the oldstable distribution, these problems have been fixed in version 1.0~rc1-12etch7. For the stable distribution, mplayer links against ffmpeg-debian. For the testing distribution and the unstable distribution, mplayer links against ffmpeg-debian. We recommend that you upgrade your mplayer packages.
Family: unix Class: patch
Reference(s): DSA-1782-1
CVE-2009-0385
CVE-2008-4866
CVE-2008-5616
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): mplayer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13670
 
Oval ID: oval:org.mitre.oval:def:13670
Title: DSA-1781-1 ffmpeg-debian -- several vulnerabilities
Description: Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0385 It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code. CVE-2008-3162 It was discovered that using a crafted STR file can lead to the execution of arbitrary code. For the oldstable distribution, these problems have been fixed in version 0.cvs20060823-8+etch1. For the stable distribution, these problems have been fixed in version 0.svn20080206-17+lenny1. For the testing distribution and the unstable distribution , these problems have been fixed in version 0.svn20080206-16. We recommend that you upgrade your ffmpeg-debian packages.
Family: unix Class: patch
Reference(s): DSA-1781-1
CVE-2009-0385
CVE-2008-3162
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): ffmpeg-debian
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17029
 
Oval ID: oval:org.mitre.oval:def:17029
Title: USN-630-1 -- ffmpeg vulnerability
Description: It was discovered that ffmpeg did not correctly handle STR file demuxing.
Family: unix Class: patch
Reference(s): USN-630-1
CVE-2008-3162
 Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
 Product(s): ffmpeg
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18569
 
Oval ID: oval:org.mitre.oval:def:18569
Title: DSA-1644-1 mplayer - integer overflows
Description: Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially execution of arbitrary code by supplying a maliciously crafted video file.
Family: unix Class: patch
Reference(s): DSA-1644-1
CVE-2008-3827
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): mplayer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7843
 
Oval ID: oval:org.mitre.oval:def:7843
Title: DSA-1781 ffmpeg-debian -- several vulnerabilities
Description: Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code. It was discovered that using a crafted STR file can lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1781
CVE-2009-0385
CVE-2008-3162
 Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): ffmpeg-debian
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8207
 
Oval ID: oval:org.mitre.oval:def:8207
Title: DSA-1644 mplayer -- integer overflow
Description: Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially execution of arbitrary code by supplying a maliciously crafted video file.
Family: unix Class: patch
Reference(s): DSA-1644
CVE-2008-3827
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): mplayer
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 14
Application 23

OpenVAS Exploits

Date Description
2009-07-29 Name : Ubuntu USN-805-1 (ruby1.9)
File : nvt/ubuntu_805_1.nasl
2009-05-05 Name : Debian Security Advisory DSA 1781-1 (ffmpeg-debian)
File : nvt/deb_1781_1.nasl
2009-05-05 Name : Debian Security Advisory DSA 1782-1 (mplayer)
File : nvt/deb_1782_1.nasl
2009-04-09 Name : Mandriva Update for ffmpeg MDVSA-2008:157 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2008_157.nasl
2009-04-09 Name : Mandriva Update for mplayer MDVSA-2008:219 (mplayer)
File : nvt/gb_mandriva_MDVSA_2008_219.nasl
2009-03-31 Name : Gentoo Security Advisory GLSA 200903-33 (ffmpeg gst-plugins-ffmpeg mplayer)
File : nvt/glsa_200903_33.nasl
2009-03-23 Name : Ubuntu Update for ffmpeg vulnerability USN-630-1
File : nvt/gb_ubuntu_USN_630_1.nasl
2009-01-20 Name : mplayer -- vulnerability in STR files processor
File : nvt/freebsd_mplayer11.nasl
2009-01-20 Name : Mandrake Security Advisory MDVSA-2009:013 (mplayer)
File : nvt/mdksa_2009_013.nasl
2009-01-20 Name : Mandrake Security Advisory MDVSA-2009:014 (mplayer)
File : nvt/mdksa_2009_014.nasl
2009-01-13 Name : Gentoo Security Advisory GLSA 200901-07 (mplayer)
File : nvt/glsa_200901_07.nasl
2009-01-02 Name : mplayer -- twinvq processing buffer overflow vulnerability
File : nvt/freebsd_mplayer10.nasl
2008-10-03 Name : mplayer -- multiple integer overflows
File : nvt/freebsd_mplayer9.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50838 MPlayer libmpdemux/demux_vqf.c demux_open_vqf Function Malformed TwinVQ File ...
48662 MPlayer stream_read Function Crafted Video File Handling Multiple Underflows
46842 FFmpeg libavformat/psxstr.c libavformat str_read_packet() Function STR File H...

Snort® IPS/IDS

Date Description
2014-01-10 Mplayer Real Demuxer stream_read heap overflow attempt
RuleID : 17469 - Revision : 10 - Type : FILE-MULTIMEDIA
2014-01-10 MPlayer demux_open_vqf TwinVQ file handling buffer overflow attempt
RuleID : 17300 - Revision : 5 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

Date Description
2009-04-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1781.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1782.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-157.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-219.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-013.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-014.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-33.nasl - Type : ACT_GATHER_INFO
2009-01-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_5ccb1c14e35711dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2009-01-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200901-07.nasl - Type : ACT_GATHER_INFO
2008-12-30 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_7c5bd5b8d65211dda7650030843d3802.nasl - Type : ACT_GATHER_INFO
2008-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1644.nasl - Type : ACT_GATHER_INFO
2008-10-02 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_724e6f938f2a11dd821f001cc0377035.nasl - Type : ACT_GATHER_INFO
2008-07-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-630-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:36:14
  • Multiple Updates