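VLC Media Player modules/access/rtsp/real_sdpplin.c heap overflow vulnerability

admin 2022-07-12 05:47:50 CNNVD vulnerabilities Source: ZONE.CI Global Network

Vulnerability details

VLC Media Player modules/access/rtsp/real_sdpplin.c heap overflow vulnerability

  • CNNVD ID: CNNVD-200801-238
  • Severity: High
  • CVE ID: CVE-2008-0295
  • Vulnerability type: Buffer overflow
  • Published: 2008-01-16
  • Threat type: Remote
  • Updated: 2008-09-05
  • Vendor: videolan
  • Vulnerability source: Luigi Auriemma al...

Vulnerability summary

VideoLAN VLC media player is a free, open-source, cross-platform multimedia player (and multimedia framework) developed by the French VideoLAN organization. It supports playback from many kinds of media (files, discs, etc.) and many audio and video formats (WMV, MP3, etc.).

VLC has a buffer overflow vulnerability when processing malformed data. A remote attacker may be able to exploit it to take control of the user's system.

The old version of the Xine library used by VLC has a heap overflow vulnerability in modules/access/rtsp/real_sdpplin.c: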

    sdpplin_t *sdpplin_parse(char *data) {
      sdpplin_t *desc = malloc(sizeof(sdpplin_t));
      sdpplin_stream_t *stream;
      char *buf=malloc(3200);      /* fixed-size heap buffers */
      char *decoded=malloc(3200);
      ...
      while (data && *data) {
        handled=0;
        if (filter(data, "m=", &buf)) {
      ...

    static int filter(const char *in, const char *filter, char **out) {
      int flen=strlen(filter);
      int len;

      if (!in) return 0;

      /* len = length of the current line, taken from the input */
      len = (strchr(in,'\n')) ? strchr(in,'\n')-in : strlen(in);

      if (!strncmp(in,filter,flen)) {
        if(in[flen]=='"') flen++;
        if(in[len-1]==13) len--;
        if(in[len-1]=='"') len--;
        /* copies the rest of the line into *out with no check against its size */
        memcpy(*out, in+flen, len-flen+1);
        (*out)[len-flen]=0;
        return len-flen;
      }
      return 0;
    }

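When the SDP parameters of an RTSP session are read, the buf and decoded buffers can be overflowed.

In addition, the libaccess_realrtsp plugin of the Windows version of the player has a heap overflow vulnerability when processing RTSP data. The overflow can be triggered if a large number of bytes are sent on connection.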
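The missing bounds check, shown as an added example that is not code from VLC, xine or the original advisory: a rewrite of filter() in which the caller passes the destination capacity. The name filter_bounded and the -1 return value are hypothetical, and the input lines in main() are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded variant of filter(). Returns the value length,
 * 0 if the line does not start with `prefix`, or -1 if the value plus
 * its terminating NUL would not fit in `out`. */
static int filter_bounded(const char *in, const char *prefix,
                          char *out, size_t out_size)
{
    size_t flen, len;
    const char *nl;

    if (!in || !prefix || !out || out_size == 0)
        return 0;

    flen = strlen(prefix);
    nl = strchr(in, '\n');
    len = nl ? (size_t)(nl - in) : strlen(in);

    if (len < flen || strncmp(in, prefix, flen) != 0)
        return 0;

    /* Same trimming as the original (quotes, trailing CR), but len is
     * never allowed to drop below flen, so len - flen cannot go negative. */
    if (flen < len && in[flen] == '"') flen++;
    if (len > flen && in[len - 1] == '\r') len--;
    if (len > flen && in[len - 1] == '"') len--;

    /* The check the original lacks: reject values larger than the buffer. */
    if (len - flen >= out_size)
        return -1;

    memcpy(out, in + flen, len - flen);
    out[len - flen] = '\0';
    return (int)(len - flen);
}

int main(void)
{
    char buf[3200];            /* same size as buf in sdpplin_parse() */
    static char line[4001];    /* constructed oversized "m=" line */

    memset(line, 'A', sizeof line - 1);
    memcpy(line, "m=", 2);
    printf("normal: %d\n", filter_bounded("m=audio 0 RTP/AVP 101\r\n", "m=", buf, sizeof buf));
    printf("oversized: %d\n", filter_bounded(line, "m=", buf, sizeof buf));
    return 0;
}
```

A caller such as sdpplin_parse() would treat -1 as a malformed description and stop parsing.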


Vulnerability advisory

The vendor has released upgrade patches that fix this security issue. Patch download links:

VideoLAN VLC media player 0.8.6

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_arm.deb

arm architecture (ARM)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_arm.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_i386.deb

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_i386.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_mips.deb

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_mips.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_s390.deb

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_s390.deb

Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_arm.deb

arm architecture (ARM)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_arm.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_i386.deb

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_i386.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_mips.deb

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_mips.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb

Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb

powerpc architecture (PowerPC)

http://security.debian.org/pool/up

References

Source: BID

Name: 27221

Link: http://www.securityfocus.com/bid/27221

Source: VUPEN

Name: ADV-2008-0105

Link: http://www.frsirt.com/english/advisories/2008/0105

Source: SECUNIA

Name: 28383

Link: http://secunia.com/advisories/28383

Source: MISC

Link: http://aluigi.altervista.org/adv/vlcxhof-adv.txt

Source: GENTOO

Name: GLSA-200803-13

Link: http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml

Source: DEBIAN

Name: DSA-1543

Link: http://www.debian.org/security/2008/dsa-1543

Source: SECUNIA

Name: 29766

Link: http://secunia.com/advisories/29766

Source: SECUNIA

Name: 29284

Link: http://secunia.com/advisories/29284

Affected entities

  • Videolan Vlc_media_player:0.8.6d

Patches

    None available
