安全研究
安全漏洞
xine-lib多个堆溢出漏洞
发布日期:2008-03-20
更新日期:2008-03-21
受影响系统:
xine xine-lib <= 1.1.11描述:
BUGTRAQ ID: 28370
CVE(CAN) ID: CVE-2008-1482
xine是一款免费的媒体播放器,支持多种格式。
xine在计算某些目标缓冲区和数组所需分配的内存数时错误的32位计算,导致xine-lib受多个堆溢出漏洞影响,可能允许攻击者控制寄存器和代码流。
以下是有漏洞的代码部分:
-----------------------------
A] demux_flv堆溢出
-----------------------------
src/demuxers/demux_flv.c:
static int parse_flv_var(demux_flv_t *this,
unsigned char *buf, int size, char *key, int keylen) {
...
this->index = xine_xmalloc(num*sizeof(flv_index_entry_t));
...
this->index = xine_xmalloc(num*sizeof(flv_index_entry_t));
----------------------------
B] demux_qt堆溢出
----------------------------
src/demuxers/demux_qt.c中几乎所有的分配指令都存在堆溢出。
------------------------------
C] demux_real堆溢出
------------------------------
src/demuxers/demux_real.c:
static void real_parse_index(demux_real_t *this) {
...
*index = xine_xmalloc(entries * sizeof(real_index_entry_t));
----------------------------------
D] demux_wc3movie堆溢出
----------------------------------
src/demuxers/demux_wc3movie.c:
static int open_mve_file(demux_mve_t *this) {
...
this->palettes = xine_xmalloc(this->number_of_shots * PALETTE_SIZE *
sizeof(palette_entry_t));
------------------------
E] ebml堆溢出
------------------------
src/demuxers/ebml.c:
int ebml_check_header(ebml_parser_t *ebml) {
...
char *text = malloc(elem.len + 1);
------------------------------
F] demux_film堆溢出
------------------------------
src/demuxers/demux_film.c:
static int open_film_file(demux_film_t *film) {
...
film->sample_table =
xine_xmalloc(film->sample_count * sizeof(film_sample_t));
<*来源:Luigi Auriemma (aluigi@pivx.com)
链接:http://marc.info/?l=bugtraq&m=120605919516727&w=2
http://secunia.com/advisories/29484/
http://www.debian.org/security/2008/dsa-1586
http://security.gentoo.org/glsa/glsa-200808-01.xml
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1586-1)以及相应补丁:
DSA-1586-1:New xine-lib packages fix several vulnerabilities
链接:http://www.debian.org/security/2008/dsa-1586
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
Size/MD5 checksum: 6716994 ae6525a76280a6e1979c3f4f89fd00f3
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.diff.gz
Size/MD5 checksum: 32397 9ef42da73934e6a981151549e97fd396
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.dsc
Size/MD5 checksum: 1585 b0949db5082a590b1afa4f477005f79f
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_alpha.deb
Size/MD5 checksum: 3410964 35526481cc816fad2d5692b33f4a3577
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_alpha.deb
Size/MD5 checksum: 118604 cfc8a8c900bd1182b3faddfeb09eba84
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_alpha.deb
Size/MD5 checksum: 3665492 49adcd016edc53b96bbc028bc3e428ae
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_amd64.deb
Size/MD5 checksum: 117506 f8305c6e72d9fd2a25cb7b144e0d696d
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_amd64.deb
Size/MD5 checksum: 3050404 b94199ba7a4a578db7eb0eefa42b725c
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_amd64.deb
Size/MD5 checksum: 3660324 635669edb747900be1b17a17dba1f564
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_arm.deb
Size/MD5 checksum: 118774 052c7ceae25865180a966f6e9e4eb573
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_arm.deb
Size/MD5 checksum: 2959500 bb1f326f6451a5681c592a56734b30da
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_arm.deb
Size/MD5 checksum: 2668528 19d061e0cc24b1bf935607207bc8c638
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_hppa.deb
Size/MD5 checksum: 3225530 ac2abcd37fe278b730a7a52db4690e2c
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_hppa.deb
Size/MD5 checksum: 119646 5190a9fd4691a7523f1ae2734d81691f
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_hppa.deb
Size/MD5 checksum: 2697042 ea3479f6dc14ed23f90fbb653ea714aa
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_i386.deb
Size/MD5 checksum: 117466 6bd9177c7a51abe868c0c4f4dfb1b6d7
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_i386.deb
Size/MD5 checksum: 3967634 5a85d97914a5bcb3033e8d3eaec4af4b
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_i386.deb
Size/MD5 checksum: 3350218 88382dafa93891b720985435619e1bee
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_ia64.deb
Size/MD5 checksum: 3765616 e38586e9ef6c7b1997679198cc263b9f
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_ia64.deb
Size/MD5 checksum: 2685148 2bbd6abfaa59b6d5d238916e1fe588c1
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_ia64.deb
Size/MD5 checksum: 117500 c6038901ade50caa3a84254f51b43081
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_mips.deb
Size/MD5 checksum: 3036512 2e2b54ad4b4b45715528981791ce85c6
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_mips.deb
Size/MD5 checksum: 2844538 03835764ba28aa277cf33b994ac2c515
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_mips.deb
Size/MD5 checksum: 119386 292683637eeb0e0922516c27069b0a4a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_mipsel.deb
Size/MD5 checksum: 3017710 0fd6b63681e496817a5a741b942b3642
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_mipsel.deb
Size/MD5 checksum: 2788988 e9bc0450d264dfc9f3522bc38f27fa61
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_mipsel.deb
Size/MD5 checksum: 117528 656913c22767f942ea3ef2f8ad0edc80
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_powerpc.deb
Size/MD5 checksum: 3719568 4bf9a41390aa91305a7de075d8d2c52a
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_powerpc.deb
Size/MD5 checksum: 3209842 ee37b66a198c890770fcda734e30fab8
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_powerpc.deb
Size/MD5 checksum: 117512 e952851e820d0634de013e598c61c432
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_s390.deb
Size/MD5 checksum: 3173064 c1210b83707d76a4256c42393ef1e2d4
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_s390.deb
Size/MD5 checksum: 2719306 125a96fd91fc8cf88c69280500230e0e
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_s390.deb
Size/MD5 checksum: 117502 babe974673968538886456d4f5345cce
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_sparc.deb
Size/MD5 checksum: 3025332 591637b97267686c199c074ce3e92aba
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_sparc.deb
Size/MD5 checksum: 117520 f3b076031d34e283445c27fcb9031e63
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_sparc.deb
Size/MD5 checksum: 3369250 d8e3d16b7c014187398029cf2e75f0da
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200808-01)以及相应补丁:
GLSA-200808-01:xine-lib: User-assisted execution of arbitrary code
链接:http://security.gentoo.org/glsa/glsa-200808-01.xml
所有xine-lib用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.13"
浏览次数:2834
严重程度:0(网友投票)
绿盟科技给您安全的保障