Detections
Analytics
Debian DSA-1496-1 : mplayer - buffer overflows
high Nessus Plugin ID 31056
Synopsis
The remote Debian host is missing a security-related update.Description
Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2008-0485 Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.
- CVE-2008-0486 Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.
- CVE-2008-0629 Adam Bozanich discovered a buffer overflow in the CDDB access code.
- CVE-2008-0630 Adam Bozanich discovered a buffer overflow in URL parsing.
Solution
Upgrade the mplayer packages.The old stable distribution (sarge) doesn't contain mplayer.
For the stable distribution (etch), these problems have been fixed in version 1.0~rc1-12etch2.
See Also
https://security-tracker.debian.org/tracker/CVE-2008-0485
https://security-tracker.debian.org/tracker/CVE-2008-0486
https://security-tracker.debian.org/tracker/CVE-2008-0629
Plugin Details
Severity: High
ID: 31056
File Name: debian_DSA-1496.nasl
Version: 1.18
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 2/14/2008
Updated: 1/4/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:mplayer, cpe:/o:debian:debian_linux:4.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/12/2008
Exploitable With
Core Impact
Reference Information
CVE: CVE-2008-0485, CVE-2008-0486, CVE-2008-0629, CVE-2008-0630