[PLSN-0003] - Remote exploits in mplayer

From: Peachtree Linux Security Team (security_at_peachtree.burdell.org)
Date: 04/22/05

    Date: Fri, 22 Apr 2005 09:53:18 -0400
    To: bugtraq@securityfocus.com
    
    
    

    ---------------------------------------------------------------------------
    Peachtree Linux Security Notice PLSN-0003
    April 20, 2005

    Remote buffer overflow and possible code execution in mplayer
    http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
    http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
    ---------------------------------------------------------------------------

    The following Peachtree Linux releases are affected:

       Peachtree Linux release 1 ("Atlanta")

    Description:

       http://www.mplayerhq.hu/homepage/design7/news.html#vuln10:
       A buffer overflow vulnerability exists in the RTSP stream module,
       which could allow a malicious RealMedia server to execute arbitrary
       code.

       http://www.mplayerhq.hu/homepage/design7/news.html#vuln11:
       A buffer overflow vulnerability exists in the MMST stream module,
       which could allow malicious servers of MMS or TCP streams to execute
       arbitrary code.

    Packages:

       alpha
          MPlayer did not ship in rel1 for Alpha. Alpha is not affected by this
          vulnerability, and therefore no update is provided.

       i386
          4e71851034e4263a12f9000bdc3c461e mplayer-1.0pre7.i686.dist

       ppc
          901e0de5cc04cdddf94ff1cad9521776 mplayer-1.0pre7.ppc.dist

    Solution:

       Download the appropriate package for your release of Peachtree Linux.
       Upgrade your system to the new package:

          distadd -u packagename

       Where packagename is the name of the package file from the list above.

    -- 
    Peachtree Linux Security Team
    http://peachtree.burdell.org/
    
    


