[PLSN-0003] - Remote exploits in mplayer

From: Peachtree Linux Security Team (security_at_peachtree.burdell.org)
Date: 04/22/05

  • Next message: dcrab: "Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included)"
    Date: Fri, 22 Apr 2005 09:53:18 -0400
    To: bugtraq@securityfocus.com
    
    
    

    ---------------------------------------------------------------------------
    Peachtree Linux Security Notice PLSN-0003
    April 20, 2005

    Remote buffer overflow and possible code execution in mplayer
    http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
    http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
    ---------------------------------------------------------------------------

    The following Peachtree Linux releases are affected:

       Peachtre Linux release 1 ("Atlanta")

    Description:

       http://www.mplayerhq.hu/homepage/design7/news.html#vuln10:
       A buffer overflow vulnerability exists in the RTSP stream module,
       which could allow a malicious RealMedia server to execute arbitrary
       code.

       http://www.mplayerhq.hu/homepage/design7/news.html#vuln11:
       A buffer overflow vulnerability exists in the MMST stream module,
       which could allow malicious servers of MMS or TCP streams to execute
       arbitrary code.

    Packages:

       alpha
          MPlayer did not ship in rel1 for Alpha. Alpha is not affected by this
          vulnerability, and therefore no update is provided.

       i386
          4e71851034e4263a12f9000bdc3c461e mplayer-1.0pre7.i686.dist

       ppc
          901e0de5cc04cdddf94ff1cad9521776 mplayer-1.0pre7.ppc.dist

    Solution:

       Download the appropriate package for your release of Peachtree Linux.
       Upgrade your system to the new package:

          distadd -u packagename

       Where package name is the name of the package file from the list above.

    -- 
    Peachtree Linux Security Team
    http://peachtree.burdell.org/
    
    



  • Next message: dcrab: "Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included)"