MPlayer sdpplin_parse() Function RTSP Integer Overflow Vulnerability

Published: 2008-03-25
Updated: 2008-04-22

Affected systems:
MPlayer MPlayer 1.0 rc2
Description:
BUGTRAQ  ID: 28851
CVE(CAN) ID: CVE-2008-1558

MPlayer is a Linux-based media player that supports many media formats.

The sdpplin_parse() function in MPlayer's stream/realrtsp/sdpplin.c file contains an integer overflow vulnerability:

sdpplin_parse_stream()
  desc->stream_id=atoi(buf);               /* id taken from the SDP data, not range-checked */
sdpplin_parse()
  desc->stream[stream->stream_id]=stream;  /* id used directly as the array index */

If a media file opened by the user contains an overly long StreamCount SDP parameter, this overflow can be triggered, leading to execution of arbitrary code.
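Added example (not MPlayer's code and not the project's patch): a sketch of the range check that the two lines above lack. The types `stream_t` and `desc_t`, the helpers `parse_index` and `store_stream`, and the assumption that `stream_count` is the number of slots allocated in `stream[]` are hypothetical; the sample ids are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the structures named in the advisory. */
typedef struct { int stream_id; } stream_t;
typedef struct {
    int        stream_count;  /* assumed: number of slots allocated in stream[] */
    stream_t **stream;
} desc_t;

/* Strict decimal parse: rejects empty input, trailing junk, negatives and
 * values that do not fit in an int (atoi() reports none of these). */
static int parse_index(const char *buf, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Store a stream only if its id addresses an allocated slot. */
static int store_stream(desc_t *desc, stream_t *stream)
{
    if (stream->stream_id < 0 || stream->stream_id >= desc->stream_count)
        return -1;                        /* out of range: drop the stream */
    desc->stream[stream->stream_id] = stream;
    return 0;
}

/* Constructed sample ids; returns how many were parsed and stored. */
static int demo(void)
{
    const char *ids[] = { "0", "1", "2", "65536", "-1", "99999999999999999999", "1x" };
    stream_t *slots[2] = { 0 };
    desc_t desc = { 2, slots };
    static stream_t pool[7];
    int accepted = 0;
    for (int i = 0; i < 7; i++)
        if (parse_index(ids[i], &pool[i].stream_id) == 0 &&
            store_stream(&desc, &pool[i]) == 0)
            accepted++;
    return accepted;
}
```

With two allocated slots only the ids 0 and 1 are stored; every other sample is rejected either at parse time or by the bounds check.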

<*Source: k`sOSe

  Links: http://secunia.com/advisories/29515
         http://www.debian.org/security/2008/dsa-1552
         http://security.gentoo.org/glsa/glsa-200805-22.xml
*>

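Testing method:

WARNING

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!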

http://www.milw0rm.com/exploits/5307

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1552-1) and corresponding patches for this issue:
DSA-1552-1: New mplayer packages fix arbitrary code execution
Link: http://www.debian.org/security/2008/dsa-1552

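Patch downloads: the fixed packages are version 1.0~rc1-12etch3, served from http://security.debian.org/pool/updates/main/m/mplayer/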

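Patch installation:

1. Installing the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Installing the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade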

Gentoo
------
Gentoo has released a security advisory (GLSA-200805-22) and corresponding patches for this issue:
GLSA-200805-22: MPlayer: User-assisted execution of arbitrary code
Link: http://security.gentoo.org/glsa/glsa-200805-22.xml

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose

MPlayer
-------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:

http://www.mplayerhq.hu/homepage/design6/news.html

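This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.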