MPlayer and VLC Player Real Data Transport Remote Integer Underflow Vulnerability

Cause
Boundary condition error
 
Affected systems
VideoLAN VLC media player 1.0
VideoLAN VLC media player 0.9.9
VideoLAN VLC media player 0.9.7
VideoLAN VLC media player 0.9.6
VideoLAN VLC media player 0.9.5
VideoLAN VLC media player 0.9.4
VideoLAN VLC media player 0.9.3
VideoLAN VLC media player 0.9.2
VideoLAN VLC media player 0.9.1
VideoLAN VLC media player 0.9
VideoLAN VLC media player 0.8.6 i
VideoLAN VLC media player 0.8.6 h
VideoLAN VLC media player 0.8.6 g
VideoLAN VLC media player 0.8.6 d
VideoLAN VLC media player 0.8.6
+ Debian Linux 4.0 sparc
+ Debian Linux 4.0 s/390
+ Debian Linux 4.0 powerpc
+ Debian Linux 4.0 mipsel
+ Debian Linux 4.0 mips
+ Debian Linux 4.0 m68k
+ Debian Linux 4.0 ia-64
+ Debian Linux 4.0 ia-32
+ Debian Linux 4.0 hppa
+ Debian Linux 4.0 arm
+ Debian Linux 4.0 amd64
+ Debian Linux 4.0 alpha
+ Debian Linux 4.0
VideoLAN VLC media player 0.9.8a
VideoLAN VLC media player 0.8.6f
VideoLAN VLC media player 0.8.6e
VideoLAN VLC media player 0.8.6c
VideoLAN VLC media player 0.8.6b
VideoLAN VLC media player 0.8.6a
MPlayer MPlayer 1.0.20060329
MPlayer MPlayer 1.0 pre6-r4
MPlayer MPlayer 1.0 pre6-3.3.5-20050130
MPlayer MPlayer 1.0 pre6
+ Gentoo Linux
MPlayer MPlayer 1.0 pre5try2
MPlayer MPlayer 1.0 pre5try1
MPlayer MPlayer 1.0 pre5
+ Gentoo Linux 1.4
+ Gentoo Linux
MPlayer MPlayer 1.0 pre4
MPlayer MPlayer 1.0 pre3try2
MPlayer MPlayer 1.0 pre3
MPlayer MPlayer 1.0 pre2
MPlayer MPlayer 1.0 pre1
MPlayer MPlayer 0.92.1
MPlayer MPlayer 0.92
MPlayer MPlayer 0.91
+ MandrakeSoft Linux Mandrake 9.2
MPlayer MPlayer 0.90 rc series
MPlayer MPlayer 0.90 pre series
MPlayer MPlayer 0.90
MPlayer MPlayer 0.9 0rc4
+ MandrakeSoft Linux Mandrake 9.1
MPlayer MPlayer HEAD CVS
MPlayer MPlayer 1.0rc2-4.2.1
+ MandrakeSoft Linux Mandrake 2007.1 x86_64
+ MandrakeSoft Linux Mandrake 2007.1
+ MandrakeSoft Linux Mandrake 2007.0 x86_64
+ MandrakeSoft Linux Mandrake 2007.0
MPlayer MPlayer 1.0rc2
+ MandrakeSoft Linux Mandrake 2007.1 x86_64
+ MandrakeSoft Linux Mandrake 2007.1
+ MandrakeSoft Linux Mandrake 2007.0 x86_64
+ MandrakeSoft Linux Mandrake 2007.0
MPlayer MPlayer 1.0pre7try2
MPlayer MPlayer 1.0 -rc1
+ Debian Linux 4.0 sparc
+ Debian Linux 4.0 s/390
+ Debian Linux 4.0 powerpc
+ Debian Linux 4.0 mipsel
+ Debian Linux 4.0 mips
+ Debian Linux 4.0 m68k
+ Debian Linux 4.0 ia-64
+ Debian Linux 4.0 ia-32
+ Debian Linux 4.0 hppa
+ Debian Linux 4.0 arm
+ Debian Linux 4.0 amd64
+ Debian Linux 4.0 alpha
+ Debian Linux 4.0
+ MandrakeSoft Linux Mandrake 2007.1 x86_64
+ MandrakeSoft Linux Mandrake 2007.1
+ MandrakeSoft Linux Mandrake 2007.0 x86_64
+ MandrakeSoft Linux Mandrake 2007.0
MPlayer MPlayer 1.0
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Linux Mandrake 2007.1
+ MandrakeSoft Linux Mandrake 2007.0 x86_64
+ MandrakeSoft Linux Mandrake 2007.0
MPlayer MPlayer 0_92 CVS
 
Unaffected systems
 
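Impact
A remote attacker can exploit this vulnerability to execute arbitrary instructions with the privileges of the application.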
 
Conditions required for an attack
The attacker must craft a malicious media file and entice a user to open it.
 
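Vulnerability information
MPlayer and VLC Player are popular media players.
MPlayer and VLC Player do not correctly handle user-supplied input. A remote attacker can exploit this to trigger an integer underflow and possibly execute arbitrary instructions with the privileges of the application.
MPlayer
Source file: stream/realrtsp/real.c
function: int real_get_rdt_chunk(rtsp_t *rtsp_session, char **buffer, int rdt_rawdata)
VLC
Source file: modules/access/rtsp/real.c
function: int real_get_rdt_chunk_header(rtsp_client_t *rtsp_session, rmff_pheader_t *ph)
The source code originates from the xine library [3]:
Source file: src/input/libreal/real.c
function: int real_get_rdt_chunk(rtsp_t *rtsp_session, unsigned char **buffer)
The function real_get_rdt_chunk() calls rtsp_read_data() to read the RDT (Real Data Transport) chunk header from the network and then parses it. A variable under the sender's control is used to allocate a buffer and is later passed to rtsp_read_data() to specify the length of RDT chunk data to read from the network. An integer underflow exists when a malformed RDT header chunk is parsed, and a remote attacker can exploit it to execute arbitrary instructions in the context of the application.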
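The length handling described above, as an added example that is not code from MPlayer, VLC or xine: it contrasts subtracting a fixed overhead from a network-supplied size without a check against a version that validates the range first. The header layout, the constants and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, for illustration only (not the players' real RDT format):
 * byte 0 = marker, bytes 1..3 = big-endian chunk size, and the size field
 * is expected to include FIXED_OVERHEAD bytes of fixed header fields. */
#define HDR_LEN        4
#define FIXED_OVERHEAD 12
#define MAX_PAYLOAD    65536u   /* assumed upper bound for one chunk */

static uint32_t declared_size(const uint8_t *hdr) {
    return ((uint32_t)hdr[1] << 16) | ((uint32_t)hdr[2] << 8) | hdr[3];
}

/* Unchecked pattern: subtract first, then trust the result as a length. */
int unchecked_payload_len(const uint8_t *hdr) {
    return (int)declared_size(hdr) - FIXED_OVERHEAD;  /* negative if size < 12 */
}

/* What a read routine taking an unsigned length would receive. */
size_t as_read_length(int len) {
    return (size_t)len;   /* a negative int wraps to a huge value */
}

/* Checked pattern: validate the range before any subtraction.
 * Returns 0 and stores the payload length, or -1 to drop the chunk. */
int checked_payload_len(const uint8_t *hdr, size_t hdr_len, size_t *out) {
    uint32_t size;
    if (hdr == NULL || out == NULL || hdr_len < HDR_LEN)
        return -1;                      /* truncated header */
    size = declared_size(hdr);
    if (size < FIXED_OVERHEAD)
        return -1;                      /* subtraction would underflow */
    if (size - FIXED_OVERHEAD > MAX_PAYLOAD)
        return -1;                      /* more than we are willing to buffer */
    *out = size - FIXED_OVERHEAD;
    return 0;
}

int main(void) {
    const uint8_t malformed[HDR_LEN] = {0x24, 0x00, 0x00, 0x05}; /* constructed */
    size_t n = 0;
    int raw = unchecked_payload_len(malformed);
    printf("unchecked: %d -> read length %zu\n", raw, as_read_length(raw));
    printf("checked:   %s\n",
           checked_payload_len(malformed, HDR_LEN, &n) ? "rejected" : "accepted");
    return 0;
}
```

The same rule applies wherever a parser adjusts a network-supplied length: compare against the amount to be subtracted and against an upper bound before the value reaches an allocator or a read call.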
 
Test method
 
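Vendor solution
A patch for this vulnerability is already available in the VLC Player CVS repository. Users are advised to watch for and download the fix: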
http://www.videolan.org/
 
Credit
tixxDZ of DZCORE Labs
  
