CVE-2005-2718
CVSS 7.5
Published: 2005-08-29 16:14:00
Last revised: 2016-10-17 23:29:39

[Original] Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header containing a large value in a stream format (strf) chunk.


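[CNNVD] MPlayer 'ad_pcm.c' buffer overflow vulnerability (CNNVD-200508-297)

        A buffer overflow exists in ad_pcm.c in MPlayer 1.0pre7 and earlier. This allows remote attackers to execute arbitrary code via crafted audio data, for example using a video file whose audio header contains a large stream format (strf) chunk.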

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Access complexity: [--]
Access vector: [--]
Authentication: [--]

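- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links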

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2718
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2718
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-297
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=full-disclosure&m=112484733122809&w=2
(UNKNOWN)  FULLDISC  20050824 mplayer overflow
http://www.mandriva.com/security/advisories?name=MDKSA-2005:158
(UNKNOWN)  MANDRIVA  MDKSA-2005:158
http://www.securityfocus.com/bid/14652
(UNKNOWN)  BID  14652
http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt
(VENDOR_ADVISORY)  MISC  http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt
https://bugs.gentoo.org/show_bug.cgi?id=103555
(VENDOR_ADVISORY)  CONFIRM  https://bugs.gentoo.org/show_bug.cgi?id=103555

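- Vulnerability information

MPlayer 'ad_pcm.c' buffer overflow vulnerability
High risk  Buffer overflow
2005-08-29 00:00:00 2005-10-20 00:00:00
Remote
        A buffer overflow exists in ad_pcm.c in MPlayer 1.0pre7 and earlier. This allows remote attackers to execute arbitrary code via crafted audio data, for example using a video file whose audio header contains a large stream format (strf) chunk.

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links: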
        lm_sensors lm_sensors 2.8.4
        Mandriva liblm_sensors3-2.8.4-2.1.100mdk.i586.rpm
        Mandrakelinux 10.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-2.8.4-2.1.C30mdk.i586.rpm
        Corporate 3.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-devel-2.8.4-2.1.100mdk.i586.rpm
        Mandrakelinux 10.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-devel-2.8.4-2.1.C30mdk.i586.rpm
        Corporate 3.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-static-devel-2.8.4-2.1.100mdk.i586.rpm
        Mandrakelinux 10.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-static-devel-2.8.4-2.1.C30mdk.i586.rpm
        Corporate 3.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva lm_sensors-2.8.4-2.1.100mdk.amd64.rpm
        Mandrakelinux 10.0/AMD64
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva lm_sensors-2.8.4-2.1.100mdk.i586.rpm
        Mandrakelinux 10.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva lm_sensors-2.8.4-2.1.C30mdk.i586.rpm
        Corporate 3.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva lm_sensors-2.8.4-2.1.C30mdk.x86_64.rpm
        Corporate 3.0/X86_64
        http://www1.mandrivalinux.com/en/ftp.php3
        lm_sensors lm_sensors 2.8.6
        Conectiva liblm_sensors3-2.8.6-61068U10_1cl.i386.rpm
        Conectiva 10
        ftp://atualizacoes.conectiva.com.br/10/RPMS/liblm_sensors3-2.8.6-61068U10_1cl.i386.rpm
        Conectiva lm_sensors-2.8.6-61068U10_1cl.i386.rpm
        Conectiva 10
        ftp://atualizacoes.conectiva.com.br/10/RPMS/lm_sensors-2.8.6-61068U10_1cl.i386.rpm
        Conectiva lm_sensors-devel-2.8.6-61068U10_1cl.i386.rpm
        Conectiva 10
        ftp://atualizacoes.conectiva.com.br/10/RPMS/lm_sensors-devel-2.8.6-61068U10_1cl.i386.rpm
        Conectiva lm_sensors-devel-static-2.8.6-61068U10_1cl.i386.rpm
        Conectiva 10
        ftp://atualizacoes.conectiva.com.br/10/RPMS/lm_sensors-devel-static-2.8.6-61068U10_1cl.i386.rpm
        Conectiva lm_sensors-doc-2.8.6-61068U10_1cl.i386.rpm
        Conectiva 10
        ftp://atualizacoes.conectiva.com.br/10/RPMS/lm_sensors-doc-2.8.6-61068U10_1cl.i386.rpm
        Conectiva lm_sensors-sensord-2.8.6-61068U10_1cl.i386.rpm
        Conectiva 10
        ftp://atualizacoes.conectiva.com.br/10/RPMS/lm_sensors-sensord-2.8.6-61068U10_1cl.i386.rpm
        Conectiva lm_sensors-tellerstats-2.8.6-61068U10_1cl.i386.rpm
        Conectiva 10
        ftp://atualizacoes.conectiva.com.br/10/RPMS/lm_sensors-tellerstats-2.8.6-61068U10_1cl.i386.rpm
        lm_sensors lm_sensors 2.8.7
        Mandriva liblm_sensors3-2.8.7-7.1.101mdk.i586.rpm
        Mandrakelinux 10.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-2.9.0-4.1.102mdk.i586.rpm
        Mandrakelinux 10.2
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-devel-2.8.7-7.1.101mdk.i586.rpm
        Mandrakelinux 10.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-devel-2.9.0-4.1.102mdk.i586.rpm
        Mandrakelinux 10.2
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva liblm_sensors3-static-devel-2.8.7-7.1.101mdk.i586.rpm
        Mandrakelinux 10.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva lm_sensors-2.8.7-7.1.101mdk.i586.rpm
        Mandrakelinux 10.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva lm_sensors-2.8.7-7.1.101mdk.x86_64.rpm
        Mandrakelinux 10.1/X86_64
        http://www1.mandrivalinux.com/en/ftp.php3
        RedHat Fedora lm_sensors-2.8.7-2.FC3.1.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat Fedora lm_sensors-2.8.7-2.FC3.1.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat Fedora lm_sensors-debuginfo-2.8.7-2.FC3.1.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat Fedora lm_sensors-debuginfo-2.8.7-2.FC3.1.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat Fedora lm_sensors-devel-2.8.7-2.FC3.1.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat Fedora lm_sensors-devel-2.8.7-2.FC3.1.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        lm_sensors lm_sensors 2.

- Vulnerability information (F39808)

Gentoo Linux Security Advisory 200509-1 (PacketStormID:F39808)
2005-09-05 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-2718

Gentoo Linux Security Advisory GLSA 200509-01 - Sven Tantau discovered a heap overflow in the code handling the strf chunk of PCM audio streams. Versions less than 1.0_pre7-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MPlayer: Heap overflow in ad_pcm.c
      Date: September 01, 2005
      Bugs: #103555
        ID: 200509-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A heap overflow in MPlayer might lead to the execution of arbitrary
code.

Background
==========

MPlayer is a media player capable of handling multiple multimedia file
formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /    Vulnerable    /              Unaffected
    -------------------------------------------------------------------
  1  media-video/mplayer      < 1.0_pre7-r1             >= 1.0_pre7-r1

Description
===========

Sven Tantau discovered a heap overflow in the code handling the strf
chunk of PCM audio streams.

Impact
======

An attacker could craft a malicious video or audio file which, when
opened using MPlayer, would end up executing arbitrary code on the
victim's computer with the permissions of the user running MPlayer.

Workaround
==========

You can mitigate the issue by adding "ac=-pcm," to your MPlayer
configuration file (note that this will prevent you from playing
uncompressed audio).

Resolution
==========

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre7-r1"

References
==========

  [ 1 ] CAN-2005-2718
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718
  [ 2 ] Original Advisory
        http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability information

19019
MPlayer Video File Audio Header strf Overflow
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Vendor Verified

- Vulnerability description

A remote overflow exists in mplayer. The product fails to properly calculate the length of a buffer used in decoding audio streams, resulting in a heap overflow. With a specially crafted media file, an attacker can cause execution of arbitrary code in the context of the user resulting in a loss of confidentiality or integrity.

- Timeline

2005-08-24 2005-08-10
Unknown Unknown

- Solution

Upgrade to version 1.0pre7try2 or higher, or build from CVS after August 25, 2005, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

MPlayer Audio Header Buffer Overflow Vulnerability
Boundary Condition Error 14652
Yes No
2005-08-24 12:00:00 2009-07-12 05:06:00
Sven Tantau <sven@sven-tantau.de> disclosed this issue.

- Affected program versions

MPlayer MPlayer 1.0 pre6-r4
MPlayer MPlayer 1.0 pre6-3.3.5-20050130
MPlayer MPlayer 1.0 pre6
+ Gentoo Linux
MPlayer MPlayer 1.0 pre5
+ Gentoo Linux 1.4
+ Gentoo Linux
MPlayer MPlayer 1.0 pre3
MPlayer MPlayer 1.0pre7try2
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Conectiva Linux 10.0

- Vulnerability discussion

A buffer-overflow vulnerability affects MPlayer. The application fails to properly validate the length of user-supplied strings before copying them into static process buffers.

The problem presents itself when the affected application tries to process audio streams that contain overly large values in their header.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution


Please see the referenced vendor advisories for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com


MPlayer MPlayer 1.0pre7try2

MPlayer MPlayer 1.0 pre3

MPlayer MPlayer 1.0 pre5

MPlayer MPlayer 1.0 pre6

- Related references

 

 
