Nessus Plugin #16011
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200412-21] MPlayer: Multiple overflows
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2004 Michel Arboi
- Summary:
- MPlayer: Multiple overflows
- Version:
- $Revision: 1.1 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200412-21
- Description:
- The remote host is affected by the vulnerability described in GLSA-200412-21
(MPlayer: Multiple overflows)
iDEFENSE, Ariel Berkman and the MPlayer development team found
multiple vulnerabilities in MPlayer. These include potential heap
overflows in Real RTSP and pnm streaming code, stack overflows in MMST
streaming code and multiple buffer overflows in BMP demuxer and mp3lib
code.
Impact
A remote attacker could craft a malicious file or design a
malicious streaming server. Using MPlayer to view this file or connect
to this server could trigger an overflow and execute
attacker-controlled code.
Workaround
There is no known workaround at this time.
References:
http://www.idefense.com/application/poi/display?id=168&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=167&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=166&type=vulnerabilities
http://tigger.uic.edu/~jlongs2/holes/mplayer.txt
Solution:
All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre5-r5"
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.