Bugtraq mailing list archives

[ GLSA 200803-13 ] VLC: Multiple vulnerabilities


From: Pierre-Yves Rofes <py () gentoo org>
Date: Sat, 08 Mar 2008 00:17:12 +0100

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200803-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: VLC: Multiple vulnerabilities
      Date: March 07, 2008
      Bugs: #203345, #211575, #205299
        ID: 200803-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in VLC, allowing for the execution
of arbitrary code and Denial of Service.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  media-video/vlc      < 0.8.6e                           >= 0.8.6e

Description
===========

Multiple vulnerabilities were found in VLC:

* Michal Luczaj and Luigi Auriemma reported that VLC contains
  boundary errors when handling subtitles in the ParseMicroDvd(),
  ParseSSA(), and ParseVplayer() functions in the
  modules/demux/subtitle.c file, allowing for a stack-based buffer
  overflow (CVE-2007-6681).

* The web interface listening on port 8080/tcp contains a format
  string error in the httpd_FileCallBack() function in the
  network/httpd.c file (CVE-2007-6682).

* The browser plugin possibly contains an argument injection
  vulnerability (CVE-2007-6683).

* The RTSP module triggers a NULL pointer dereference when processing
  a request without a "Transport" parameter (CVE-2007-6684).

* Luigi Auriemma and Remi Denis-Courmont found a boundary error in
  the modules/access/rtsp/real_sdpplin.c file when processing SDP data
  for RTSP sessions (CVE-2008-0295) and a vulnerability in the
  libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a
  heap-based buffer overflow.

* Felipe Manzano and Anibal Sacco (Core Security Technologies)
  discovered an arbitrary memory overwrite vulnerability in VLC's
  MPEG-4 file format parser (CVE-2008-0984).

Impact
======

A remote attacker could send a long subtitle in a file that a user is
enticed to open, a specially crafted MP4 input file, long SDP data, or
a specially crafted HTTP request with a "Connection" header value
containing format specifiers, possibly resulting in the remote
execution of arbitrary code. Also, a Denial of Service could be caused
and arbitrary files could be overwritten via the "demuxdump-file"
option in a filename in a playlist or via an EXTVLCOPT statement in an
MP3 file.
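
The format string bug class behind CVE-2007-6682 (a "Connection" header value containing format specifiers), shown before and after the fix. This is an added example, not VLC's code: header_add() and the two echo_connection_* functions are hypothetical names, and the header value is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style helper (not VLC's API): writes
 * "Name: <formatted>\r\n" into out. Returns bytes written, or -1 if the
 * line does not fit. Declaring such a helper with
 * __attribute__((format(printf, 4, 5))) lets GCC/Clang -Wformat-security
 * flag a non-literal format argument at compile time. */
int header_add(char *out, size_t outlen, const char *name, const char *fmt, ...)
{
    va_list ap;
    int n, m;

    n = snprintf(out, outlen, "%s: ", name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    va_start(ap, fmt);
    m = vsnprintf(out + n, outlen - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0 || (size_t)(n + m) + 2 >= outlen)
        return -1;                      /* no room for CRLF and NUL */
    memcpy(out + n + m, "\r\n", 3);     /* copies the terminating NUL too */
    return n + m + 2;
}

/* BEFORE: the client-supplied value is the format string, so any conversion
 * specifier in it is interpreted against arguments that were never passed. */
int echo_connection_unsafe(char *out, size_t outlen, const char *value)
{
    return header_add(out, outlen, "Connection", value);
}

/* AFTER: constant format string; the value is only ever treated as data. */
int echo_connection_safe(char *out, size_t outlen, const char *value)
{
    return header_add(out, outlen, "Connection", "%s", value);
}

int main(void)
{
    char line[128];
    const char *value = "keep-alive %x";   /* constructed header value */

    if (echo_connection_safe(line, sizeof line, value) > 0)
        fputs(line, stdout);               /* echoed byte for byte */
    return 0;
}
```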

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6e"

References
==========

  [ 1 ] CVE-2007-6681
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6681
  [ 2 ] CVE-2007-6682
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6682
  [ 3 ] CVE-2007-6683
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6683
  [ 4 ] CVE-2007-6684
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6684
  [ 5 ] CVE-2008-0295
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0295
  [ 6 ] CVE-2008-0296
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0296
  [ 7 ] CVE-2008-0984
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200803-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5