English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 74154 CVE Beschreibungen
und 39337 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.69383
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-1104-1 (ffmpeg)
Zusammenfassung:Ubuntu USN-1104-1 (ffmpeg)
Beschreibung:The remote host is missing an update to ffmpeg
announced via advisory USN-1104-1.

Details follow:

Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg
incorrectly handled certain malformed flic files. If a user were tricked
into opening a crafted flic file, an attacker could cause a denial of
service via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3429)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
wmv files. If a user were tricked into opening a crafted wmv file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3908)

It was discovered that FFmpeg incorrectly handled certain malformed ogg
files. If a user were tricked into opening a crafted ogg file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-4704)

It was discovered that FFmpeg incorrectly handled certain malformed WebM
files. If a user were tricked into opening a crafted WebM file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-0480)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
RealMedia files. If a user were tricked into opening a crafted RealMedia
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2011-0722)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
VC1 files. If a user were tricked into opening a crafted VC1 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2011-0723)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libavcodec1d 3:0.cvs20070307-5ubuntu7.6
libavformat1d 3:0.cvs20070307-5ubuntu7.6

Ubuntu 9.10:
libavcodec52 4:0.5+svn20090706-2ubuntu2.3
libavformat52 4:0.5+svn20090706-2ubuntu2.3

Ubuntu 10.04 LTS:
libavcodec52 4:0.5.1-1ubuntu1.1
libavformat52 4:0.5.1-1ubuntu1.1

Ubuntu 10.10:
libavcodec52 4:0.6-2ubuntu6.1
libavformat52 4:0.6-2ubuntu6.1

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1104-1

Risk factor : Critical
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3429
Bugtraq: 20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference (Google Search)
http://www.securityfocus.com/archive/1/archive/1/514009/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/09/28/4
http://www.ocert.org/advisories/ocert-2010-004.html
Debian Security Information: DSA-2165 (Google Search)
http://www.debian.org/security/2011/dsa-2165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.ubuntu.com/usn/usn-1104-1/
http://secunia.com/advisories/41626
http://secunia.com/advisories/43323
http://www.vupen.com/english/advisories/2010/2517
http://www.vupen.com/english/advisories/2010/2518
http://www.vupen.com/english/advisories/2011/1241
Common Vulnerability Exposure (CVE) ID: CVE-2010-3908
Debian Security Information: DSA-2306 (Google Search)
http://www.debian.org/security/2011/dsa-2306
Common Vulnerability Exposure (CVE) ID: CVE-2010-4704
BugTraq ID: 46294
http://www.securityfocus.com/bid/46294
Common Vulnerability Exposure (CVE) ID: CVE-2011-0480
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703
BugTraq ID: 45788
http://www.securityfocus.com/bid/45788
http://osvdb.org/70463
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14380
http://secunia.com/advisories/42951
XForce ISS Database: chrome-vorbis-bo(64671)
http://xforce.iss.net/xforce/xfdb/64671
Common Vulnerability Exposure (CVE) ID: CVE-2011-0722
BugTraq ID: 47149
http://www.securityfocus.com/bid/47149
Common Vulnerability Exposure (CVE) ID: CVE-2011-0723
http://ffmpeg.mplayerhq.hu/
BugTraq ID: 47151
http://www.securityfocus.com/bid/47151
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 39337 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.