Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

VideoLAN security flaw

p2pnet news | Open Source:- A flaw in the free and popular open-source VideoLAN media player could be used by hackers to ferret out sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

The vulnerabilities are confirmed in VLC players on Windows, Mac, BSD and possibly more operating systems.

The vulnerability existed before VLC was upgraded to version 0.8.6e in late February, “but the bug appears to have escaped the last round of patches,” says the Washington Post, crediting Luigi Auriemma for finding the hole.

“The funny thing is that my old proof-of-concept was built just to test this specific buffer overflow, and in fact it works on the new VLC version too without modifications,” it has him stating.

Video files can contain a link to a separate subtitle file, which VLC automatically loads when it plays the video, says the story, adding:

“An attacker could use the buffer overflow flaw in VLC to execute malicious code contained in a subtitle file, and thus tamper with a PC.”

Says the VLC site >>>

VLC media player 0.8.6d and earlier versions suffer from security vulnerabilities in the Web interface, Subtitle demuxer, Real RTSP demuxer, SDL_image library and MP4 demuxer.

Technical details are available in our advisories: SA-0801 and SA-0802.

The usual collection of assorted changes and improvements can be found here.

This release fully supports Mac OS X 10.3.9 once again.

We strongly recommend all users to update to this new version.

(Thanks, Liam)


Also See:
Washington Post - Malicious subtitle file could trip up VLC media player, March 18, 2008



One Response to “VideoLAN security flaw”

  1. Rekrul Says:

    Video files don’t contain a link to the subtitle file, the player looks for a subtitle file with a filename that matches the filename of the video and loads it if present.

    VLC sucks anyway. Sure it has a lot of built in codecs, but it’s about as stable as a two-legged table. Play with the options too often, it crashes. Play with some options while a video is open, it crashes. Try to open two videos side by side for comparison (something I can do in Media Player Classic) and you get two slideshows with stuttering sound. Not to mention that the full-screen controls are a joke since the window it opens covers a large portion of the screen.

    VLC has a lot of options, but none of them are implemented particularly well.
