FreeBSD Local Security Checks : mplayer -- Multiple integer overflows

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56510

Categoría: FreeBSD Local Security Checks

Título: mplayer -- Multiple integer overflows

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound

CVE-2006-1502
Multiple integer overflows in MPlayer 1.0pre7try2 allow remote
attackers to cause a denial of service and trigger heap-based buffer
overflows via (1) a certain ASF file handled by asfheader.c that
causes the asf_descrambling function to be passed a negative integer
after the conversion from a char to an int or (2) an AVI file with a
crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which
is handled in aviheader.c.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-1502
BugTraq ID: 17295
http://www.securityfocus.com/bid/17295
Bugtraq: 20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows (Google Search)
http://www.securityfocus.com/archive/1/429251/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html
http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:068
http://www.xfocus.org/advisories/200603/11.html
http://www.osvdb.org/24246
http://www.osvdb.org/24247
http://securitytracker.com/id?1015842
http://secunia.com/advisories/19418
http://secunia.com/advisories/19565
http://secunia.com/advisories/19919
http://securityreason.com/securityalert/532
http://securityreason.com/securityalert/647
http://www.vupen.com/english/advisories/2006/1156
XForce ISS Database: mplayer-asfheader-integer-overflow(25513)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25513
XForce ISS Database: mplayer-aviheader-integer-overflow(25514)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25514

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56510
Categoría:	FreeBSD Local Security Checks
Título:	mplayer -- Multiple integer overflows
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: mplayer mplayer-esound mplayer-gtk mplayer-gtk2 mplayer-gtk-esound mplayer-gtk2-esound CVE-2006-1502 Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1502 BugTraq ID: 17295 http://www.securityfocus.com/bid/17295 Bugtraq: 20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows (Google Search) http://www.securityfocus.com/archive/1/429251/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:068 http://www.xfocus.org/advisories/200603/11.html http://www.osvdb.org/24246 http://www.osvdb.org/24247 http://securitytracker.com/id?1015842 http://secunia.com/advisories/19418 http://secunia.com/advisories/19565 http://secunia.com/advisories/19919 http://securityreason.com/securityalert/532 http://securityreason.com/securityalert/647 http://www.vupen.com/english/advisories/2006/1156 XForce ISS Database: mplayer-asfheader-integer-overflow(25513) https://exchange.xforce.ibmcloud.com/vulnerabilities/25513 XForce ISS Database: mplayer-aviheader-integer-overflow(25514) https://exchange.xforce.ibmcloud.com/vulnerabilities/25514
Copyright	Copyright (C) 2008 E-Soft Inc.