BugTraq
[ GLSA 200803-13 ] VLC: Multiple vulnerabilities Mar 07 2008 11:17PM
Pierre-Yves Rofes (py gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: VLC: Multiple vulnerabilities
Date: March 07, 2008
Bugs: #203345, #211575, #205299
ID: 200803-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in VLC, allowing for the execution
of arbitrary code and Denial of Service.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-video/vlc < 0.8.6e >= 0.8.6e

Description
===========

Multiple vulnerabilities were found in VLC:

* Michal Luczaj and Luigi Auriemma reported that VLC contains
boundary errors when handling subtitles in the ParseMicroDvd(),
ParseSSA(), and ParseVplayer() functions in the
modules/demux/subtitle.c file, allowing for a stack-based buffer
overflow (CVE-2007-6681).

* The web interface listening on port 8080/tcp contains a format
string error in the httpd_FileCallBack() function in the
network/httpd.c file (CVE-2007-6682).

* The browser plugin possibly contains an argument injection
vulnerability (CVE-2007-6683).

* The RSTP module triggers a NULL pointer dereference when processing
a request without a "Transport" parameter (CVE-2007-6684).

* Luigi Auriemma and Remi Denis-Courmont found a boundary error in
the modules/access/rtsp/real_sdpplin.c file when processing SDP data
for RTSP sessions (CVE-2008-0295) and a vulnerability in the
libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a
heap-based buffer overflow.

* Felipe Manzano and Anibal Sacco (Core Security Technologies)
discovered an arbitrary memory overwrite vulnerability in VLC's
MPEG-4 file format parser (CVE-2008-0984).

Impact
======

A remote attacker could send a long subtitle in a file that a user is
enticed to open, a specially crafted MP4 input file, long SDP data, or
a specially crafted HTTP request with a "Connection" header value
containing format specifiers, possibly resulting in the remote
execution of arbitrary code. Also, a Denial of Service could be caused
and arbitrary files could be overwritten via the "demuxdump-file"
option in a filename in a playlist or via an EXTVLCOPT statement in an
MP3 file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6e"

References
==========

[ 1 ] CVE-2007-6681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6681
[ 2 ] CVE-2007-6682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6682
[ 3 ] CVE-2007-6683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6683
[ 4 ] CVE-2007-6684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6684
[ 5 ] CVE-2008-0295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0295
[ 6 ] CVE-2008-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0296
[ 7 ] CVE-2008-0984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200803-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH0cz4uhJ+ozIKI5gRAku2AJ48uLioRmDL3ULyqGRGGQJQj0A0YACgowss
NSRHQSa+5Fq4jOY2CxzrRuU=
=pnZh
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus