Debian DSA-1496-1 : mplayer - buffer overflows

high Nessus Plugin ID 31056

Synopsis

The remote Debian host is missing a security-related update.

Description

Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2008-0485 Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.

- CVE-2008-0486 Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.

- CVE-2008-0629 Adam Bozanich discovered a buffer overflow in the CDDB access code.

- CVE-2008-0630 Adam Bozanich discovered a buffer overflow in URL parsing.

Solution

Upgrade the mplayer packages.

The old stable distribution (sarge) doesn't contain mplayer.

For the stable distribution (etch), these problems have been fixed in version 1.0~rc1-12etch2.

See Also

https://security-tracker.debian.org/tracker/CVE-2008-0485

https://security-tracker.debian.org/tracker/CVE-2008-0486

https://security-tracker.debian.org/tracker/CVE-2008-0629

https://security-tracker.debian.org/tracker/CVE-2008-0630

https://www.debian.org/security/2008/dsa-1496

Plugin Details

Severity: High

ID: 31056

File Name: debian_DSA-1496.nasl

Version: 1.18

Type: local

Agent: unix

Published: 2/14/2008

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mplayer, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/12/2008

Exploitable With

Core Impact

Reference Information

CVE: CVE-2008-0485, CVE-2008-0486, CVE-2008-0629, CVE-2008-0630

CWE: 119, 189

DSA: 1496