Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

mplayer security hole

p2p news / p2pnet:- Secunia says a “Moderately Critical” security hole in mplayer could allow hackers to compromise a vulnerable system.

The flaw is an error in handling the “strf” stream-format header for audio data, which may be exploited to cause memory corruption via an overly large value in the channel parameter, it says, crediting Sven Tantau.

“The vulnerability has been reported in version 1.0pre7 and prior,” says Secunia, which adds a patch is available here.

“There is a bug which, depending on configuration, can lead to a heap overflow,” says the mplayer site.

“If and under which circumstances this is exploitable is unclear to us as of now. We are aware that at least one person was able to write a working exploit on his system using an AVI file with uncompressed PCM audio. We have found a file that is supposed to exploit it but could not make it work, still we do not want to put you at risk by waiting longer to publish this.”

See:-
Secunia - mplayer “strf” Header Memory Corruption Vulnerability, September 1, 2005
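
The arithmetic behind the fix, as an added example that is not part of the original article and not MPlayer's own code: the two length computations are copied from the ad_pcm.c patch quoted in the first comment below and run side by side on constructed header values. It assumes, as the parameter names suggest, that maxlen is the capacity of buf; len_checked is a hypothetical stricter variant added for comparison.

```c
#include <stdio.h>

/* Pre-patch length, from the '-' lines of the diff. The int parameters
   stand in for sh_audio->channels, sh_audio->samplesize and minlen. */
static int len_before(int channels, int samplesize, int minlen)
{
    int len = channels * samplesize - 1;
    return (minlen + len) & (~len);   /* only a mask when the frame size is 2^n */
}

/* Patched length, from the '+' lines: rounds maxlen down to whole frames.
   Callers must not pass a zero frame size (maxlen % 0 is undefined). */
static unsigned len_after(int channels, int samplesize, int maxlen)
{
    unsigned len = channels * samplesize;
    return maxlen - maxlen % len;
}

/* Hypothetical stricter variant (not MPlayer code): returns 0 for header
   values that cannot describe a frame fitting in the buffer. */
static int len_checked(int channels, int samplesize, int maxlen)
{
    unsigned long long frame;
    if (channels <= 0 || samplesize <= 0 || maxlen <= 0)
        return 0;
    frame = (unsigned long long)channels * (unsigned long long)samplesize;
    if (frame > (unsigned long long)maxlen)
        return 0;
    return maxlen - (int)((unsigned long long)maxlen % frame);
}

int main(void)
{
    /* Constructed inputs: {channels, samplesize}; buffer sizes are assumed. */
    static const int cases[][2] = { {2, 2}, {3, 2}, {32768, 2} };
    const int minlen = 1, maxlen = 4096;
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int ch = cases[i][0], ss = cases[i][1];
        printf("channels=%-6d before=%-6d after=%-6u checked=%d (maxlen=%d)\n",
               ch, len_before(ch, ss, minlen), len_after(ch, ss, maxlen),
               len_checked(ch, ss, maxlen), maxlen);
    }
    return 0;
}
```

The pre-patch value is derived from minlen and the header fields alone, so it is never compared with maxlen; the patched value is derived from maxlen and cannot exceed it.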


5 Responses to “mplayer security hole”

  1. Reader's Write Says:

    the link http://www4.mplayerhq.hu/MPlayer/patches/ad_pcm_fix_20050826.diff

    only gives a page with the following garble:

    — libmpcodecs/ad_pcm.c.orig 2005-02-27 00:02:09.000000000 +0100
    +++ libmpcodecs/ad_pcm.c 2005-08-27 00:11:02.000000000 +0200
    @@ -96,8 +96,8 @@

    static int decode_audio(sh_audio_t *sh_audio,unsigned char *buf,int minlen,int maxlen)
    {
    - int len=sh_audio->channels*sh_audio->samplesize-1;
    - len=(minlen+len)&(~len); // sample align
    + unsigned len = sh_audio->channels*sh_audio->samplesize;
    + len = maxlen - maxlen % len; // sample align
    len=demux_read_data(sh_audio->ds,buf,len);
    return len;
    }
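
Review bot: In the added lines, `maxlen % len` divides by `sh_audio->channels*sh_audio->samplesize`, and nothing visible in this hunk rules out a product of zero, so a header with a zero channel count or sample size would reach an undefined modulo; suggest an early return such as `if (!len) return 0;` before the alignment. The expression also mixes the signed `maxlen` with the unsigned `len`, and the unsigned value is then returned through the function's `int` return type, so either make the types agree or document the ranges the caller guarantees.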

  2. Reader's Write Says:

    I only use mplayer v6.4 and never had any problems.

  3. Reader's Write Says:

    That is a source code patch, which will require a recompile
    of the program or just the library that contains the vulnerability.

    Easier to just get a precompiled version but I don’t know if
    they made a new build yet…

  4. Reader's Write Says:

    I just stepped in a big steaming pile of security.

  5. Reader's Write Says:

    From the post above it is clear that you don’t know the difference.
    mplayer (www.mplayerhq.hu) is a media player for Linux (and many other OSes/platforms, including Window$) and the best media player in existence (no need for 3rd-party codec packs full of malware, plays almost anything - broken files, obscure formats, etc.)

    Mplayer is Window$ Media Player which is just plain crap.
