
Test ID: 1.3.6.1.4.1.25623.1.0.69383
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1104-1 (ffmpeg)
Summary: NOSUMMARY
Description:
The remote host is missing an update to ffmpeg
announced via advisory USN-1104-1.

Details follow:

Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg
incorrectly handled certain malformed flic files. If a user were tricked
into opening a crafted flic file, an attacker could cause a denial of
service via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3429)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
wmv files. If a user were tricked into opening a crafted wmv file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3908)

It was discovered that FFmpeg incorrectly handled certain malformed ogg
files. If a user were tricked into opening a crafted ogg file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-4704)

It was discovered that FFmpeg incorrectly handled certain malformed WebM
files. If a user were tricked into opening a crafted WebM file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-0480)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
RealMedia files. If a user were tricked into opening a crafted RealMedia
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2011-0722)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
VC1 files. If a user were tricked into opening a crafted VC1 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2011-0723)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libavcodec1d 3:0.cvs20070307-5ubuntu7.6
libavformat1d 3:0.cvs20070307-5ubuntu7.6

Ubuntu 9.10:
libavcodec52 4:0.5+svn20090706-2ubuntu2.3
libavformat52 4:0.5+svn20090706-2ubuntu2.3

Ubuntu 10.04 LTS:
libavcodec52 4:0.5.1-1ubuntu1.1
libavformat52 4:0.5.1-1ubuntu1.1

Ubuntu 10.10:
libavcodec52 4:0.6-2ubuntu6.1
libavformat52 4:0.6-2ubuntu6.1

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1104-1

Risk factor : Critical

CVSS Score: 9.3

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-3429
Bugtraq: 20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference
http://www.securityfocus.com/archive/1/514009/100/0/threaded
Debian Security Information: DSA-2165
http://www.debian.org/security/2011/dsa-2165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.ocert.org/advisories/ocert-2010-004.html
http://www.openwall.com/lists/oss-security/2010/09/28/4
http://secunia.com/advisories/41626
http://secunia.com/advisories/43323
http://www.ubuntu.com/usn/usn-1104-1/
http://www.vupen.com/english/advisories/2010/2517
http://www.vupen.com/english/advisories/2010/2518
http://www.vupen.com/english/advisories/2011/1241
Common Vulnerability Exposure (CVE) ID: CVE-2010-3908
Debian Security Information: DSA-2306
http://www.debian.org/security/2011/dsa-2306
Common Vulnerability Exposure (CVE) ID: CVE-2010-4704
BugTraq ID: 46294
http://www.securityfocus.com/bid/46294
Common Vulnerability Exposure (CVE) ID: CVE-2011-0480
BugTraq ID: 45788
http://www.securityfocus.com/bid/45788
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703
http://osvdb.org/70463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380
http://secunia.com/advisories/42951
XForce ISS Database: chrome-vorbis-bo(64671)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64671
Common Vulnerability Exposure (CVE) ID: CVE-2011-0722
BugTraq ID: 47149
http://www.securityfocus.com/bid/47149
Common Vulnerability Exposure (CVE) ID: CVE-2011-0723
BugTraq ID: 47151
http://www.securityfocus.com/bid/47151
http://ffmpeg.mplayerhq.hu/
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
