MPlayer/Xine-Lib Multiple RealRTSP Buffer Overrun Vulnerabilities
Multiple buffer overruns were reported in realrtsp code shared between MPlayer and xine-lib. One of the reported vulnerabilities may be triggered by enticing a user to request an excessively long URI from an RTSP server. Such a URI could be embedded in a playlist or possibly linked to from within a web page (if one of the players is configured as a handler for RTSP URIs). Two more issues were also reported that could be exploited by a malicious RTSP server. One of the issues is exposed during session negotiation and the other issue is exposed when the clients receive RDT (Real Data Transfer) packets from the server. These issues may permit remote attackers to execute arbitrary code in the context of the client user. It should be noted that these issues are not present if support for realrtsp has been disabled.
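
The bounds checks that this class of bug calls for, as an added example; it is not the realrtsp code from MPlayer or xine-lib. The function names, the buffer sizes and the 2-byte length-prefixed framing are assumptions made for illustration and are not the RDT wire format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_MAX   256  /* assumed size of the client's fixed request buffer */
#define CHUNK_MAX 64   /* assumed size of the client's fixed payload buffer */

/* Build "DESCRIBE <uri> RTSP/1.0\r\n" in out[REQ_MAX].
 * Returns the length written, or -1 when the URI does not fit.
 * An over-long URI is rejected outright, never silently truncated. */
int build_describe(char *out, const char *uri)
{
    int n = snprintf(out, REQ_MAX, "DESCRIBE %s RTSP/1.0\r\n", uri);
    if (n < 0 || n >= REQ_MAX) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

/* Copy one server-supplied chunk into dst[CHUNK_MAX].
 * Hypothetical framing: 2-byte big-endian length, then the payload.
 * pkt_len is the number of bytes actually received from the socket.
 * Returns the payload length, or -1 when the packet is rejected. */
int copy_chunk(uint8_t *dst, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 2)
        return -1;                      /* length field itself is truncated */
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - 2)
        return -1;                      /* claims more bytes than arrived */
    if (declared > CHUNK_MAX)
        return -1;                      /* would overrun the destination */
    memcpy(dst, pkt + 2, declared);
    return (int)declared;
}

int main(void)
{
    char req[REQ_MAX], long_uri[1024];
    uint8_t dst[CHUNK_MAX];
    const uint8_t ok[]  = {0x00, 0x03, 'a', 'b', 'c'};  /* constructed sample */
    const uint8_t lie[] = {0xff, 0xff, 'a', 'b', 'c'};  /* constructed sample */

    memset(long_uri, 'A', sizeof long_uri - 1);
    long_uri[sizeof long_uri - 1] = '\0';
    printf("short uri: %d\n", build_describe(req, "rtsp://example.invalid/a.rm"));
    printf("long uri:  %d\n", build_describe(req, long_uri));
    printf("honest length: %d\n", copy_chunk(dst, ok, sizeof ok));
    printf("lying length:  %d\n", copy_chunk(dst, lie, sizeof lie));
    return 0;
}
```

Both checks treat the URI and the server's declared length as untrusted input and compare them against the destination capacity before any copy takes place.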