
Test ID:1.3.6.1.4.1.25623.1.0.66797
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0094
Summary:NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2010:0094.

HelixPlayer is a media player.

Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)

A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)

A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)

Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)

A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)

All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.

Solution:
Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0094.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4242
BugTraq ID: 37880
http://www.securityfocus.com/bid/37880
Bugtraq: 20100121 ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/509096/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-006/
http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html
http://osvdb.org/61966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10144
http://www.redhat.com/support/errata/RHSA-2010-0094.html
http://securitytracker.com/id?1023489
http://secunia.com/advisories/38218
http://secunia.com/advisories/38450
http://www.vupen.com/english/advisories/2010/0178
XForce ISS Database: realplayer-gif-bo(55795)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55795
Common Vulnerability Exposure (CVE) ID: CVE-2009-4245
http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html
http://osvdb.org/61969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998
XForce ISS Database: realplayer-gifimage-bo(55800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55800
Common Vulnerability Exposure (CVE) ID: CVE-2009-4247
http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html
http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10677
XForce ISS Database: realplayer-rulebook-overflow(55802)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55802
Common Vulnerability Exposure (CVE) ID: CVE-2009-4248
http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html
http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html
http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641
XForce ISS Database: realplayer-rtsp-setparameter-bo(55801)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55801
Common Vulnerability Exposure (CVE) ID: CVE-2009-4257
Bugtraq: 20100121 ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/509105/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-007/
http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11110
XForce ISS Database: realnetworks-realplayer-smil-bo(55798)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55798
Common Vulnerability Exposure (CVE) ID: CVE-2010-0416
38450
RHSA-2010:0094
[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1
http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html
https://bugzilla.redhat.com/show_bug.cgi?id=561856
https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1
oval:org.mitre.oval:def:10847
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847
Common Vulnerability Exposure (CVE) ID: CVE-2010-0417
[common-cvs] 20080114 util rlstate.cpp,1.9,1.10
http://lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html
https://bugzilla.redhat.com/show_bug.cgi?id=561860
https://helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10
oval:org.mitre.oval:def:11364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com