Detections
Analytics
Mandrake Linux Security Advisory : mplayer (MDKSA-2006:068)
medium Nessus Plugin ID 21203
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.The updated packages have been patched to prevent this problem.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 21203
File Name: mandrake_MDKSA-2006-068.nasl
Version: 1.16
Type: local
Family: Mandriva Local Security Checks
Published: 4/8/2006
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64postproc0, p-cpe:/a:mandriva:linux:libdha1.0, p-cpe:/a:mandriva:linux:libpostproc0, p-cpe:/a:mandriva:linux:libpostproc0-devel, p-cpe:/a:mandriva:linux:mencoder, p-cpe:/a:mandriva:linux:mplayer, p-cpe:/a:mandriva:linux:mplayer-gui, cpe:/o:mandriva:linux:2006, p-cpe:/a:mandriva:linux:lib64postproc0-devel
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/7/2006
Reference Information
CVE: CVE-2006-1502
MDKSA: 2006:068