Vulnerabilities > CVE-2005-0755 - Heap-based buffer overflow in Realnetworks Helix Player, Realone Player and Realplayer

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
realnetworks
nessus

Summary

Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-392.NASL
    descriptionAn updated HelixPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. A buffer overflow bug was found in the way HelixPlayer processes RAM files. An attacker could create a specially crafted RAM file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0755 to this issue. All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.4 and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id18110
    published2005-04-21
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18110
    titleRHEL 4 : HelixPlayer (RHSA-2005:392)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:392. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration pass: when `description` is set, the plugin only
    # declares its identity, references and prerequisites, then exits at the
    # end of this block without running the package check that follows it.
    if (description)
    {
      script_id(18110);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      # Cross-references tying this check to the CVE and the Red Hat advisory.
      script_cve_id("CVE-2005-0755");
      script_xref(name:"RHSA", value:"2005:392");
    
      script_name(english:"RHEL 4 : HelixPlayer (RHSA-2005:392)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      # NOTE(review): the advisory text below says "HelixPlayer version 10.0.4",
      # while the package reference tested later in this plugin is
      # HelixPlayer-1.0.4-1.1.EL4.2. The wording is carried over from the
      # advisory; confirm the version before quoting it in a report.
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated HelixPlayer package that fixes a buffer overflow issue is
    now available.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    HelixPlayer is a media player.
    
    A buffer overflow bug was found in the way HelixPlayer processes RAM
    files. An attacker could create a specially crafted RAM file which
    could execute arbitrary code when opened by a user. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2005-0755 to this issue.
    
    All users of HelixPlayer are advised to upgrade to this updated
    package, which contains HelixPlayer version 10.0.4 and is not
    vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0755"
      );
      # NOTE(review): the commented-out URL on the next line looks like the
      # vendor's own bulletin for this issue; the see_also value actually
      # registered is only the vendor home page.
      # http://service.real.com/help/faq/security/050419_player/EN/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.real.com/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:392"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected HelixPlayer package."
      );
      # CVSS v2 base vector: network access vector, high access complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      # The advisory text above rates the same update "critical", so the CVSS
      # rating and the vendor rating differ; triage on both.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
    
      # Declared as a local check against the RHEL 4 HelixPlayer package.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:HelixPlayer");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      # Timeline: disclosure, vendor patch, and plugin release on consecutive days.
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Prerequisites: the KB keys listed here are the ones the check logic reads
      # (local-checks flag, release string, RPM list, CPU architecture).
      # Presumably they are populated by ssh_get_info.nasl -- confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      # Stop here in the description pass; nothing below this block runs.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host gating for the RHEL 4 HelixPlayer check. Every audit() call below
    # records the reason the plugin does not apply to this host.

    # Local checks must be flagged as enabled in the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The stored release string must exist and mention Red Hat.
    release = get_kb_item("Host/RedHat/release");
    if (!(!isnull(release) && "Red Hat" >< release))
    {
      audit(AUDIT_OS_NOT, "Red Hat");
    }

    # Pull the numeric release out of the string; only major version 4 passes.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    }
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    }

    # Without an RPM list there is nothing to compare package versions against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate. The first test rejects anything that is not x86_64,
    # i386-i686 or s390; the second then narrows to i386-i686 only, so x86_64
    # and s390 hosts are audited out as "not i386" rather than "not implemented".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "s390" >< cpu))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    }
    if (!(cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_ARCH_NOT, "i386", cpu);
    }
    
    # Detection for RHSA-2005:392. Two evidence sources are used: the host's
    # yum updateinfo data when the KB holds it, otherwise a direct comparison
    # of the installed HelixPlayer RPM with the fixed build.
    # NOTE(review): when yum updateinfo is present the RPM comparison is never
    # run, so the verdict depends on that metadata being complete -- confirm
    # for hosts with stale or partial repository data.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (empty_or_null(yum_updateinfo))
    {
      # RPM path: count a finding when rpm_check() reports on the package.
      # NOTE(review): the advisory's RPM list on this page carries epoch 1
      # (HelixPlayer-1:1.0.4-1.1.EL4.2); this reference has no epoch --
      # confirm how rpm.inc handles epochs in the comparison.
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"HelixPlayer-1.0.4-1.1.EL4.2")) flag++;

      if (!flag)
      {
        # Nothing flagged: distinguish "package tested and fine" from
        # "package not installed" so the audit trail stays precise.
        tested = pkg_tests_get();
        if (!tested) audit(AUDIT_PACKAGE_NOT_INSTALLED, "HelixPlayer");
        else audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        # Reported at SECURITY_WARNING, although the advisory text carried in
        # this plugin rates the update critical.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
    }
    else
    {
      # Yum path: ask the helper for a report on this advisory id.
      rhsa = "RHSA-2005:392";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (empty_or_null(yum_report))
      {
        # No report for this advisory: audit the host as not affected by it.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
      else
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-394.NASL
    descriptionAn updated RealPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. RealPlayer is a media player providing solid media playback locally and via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video, Flash, SMIL 2.0, JPEG, GIF, PNG, RealPix and RealText and more. A buffer overflow bug was found in the way RealPlayer processes RAM files. An attacker could create a specially crafted RAM file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0755 to this issue. All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.4 and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id18111
    published2005-04-21
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18111
    titleRHEL 3 : RealPlayer (RHSA-2005:394)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:394. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration pass: when `description` is set, the plugin only
    # declares its identity, references and prerequisites, then exits at the
    # end of this block without running the package check that follows it.
    if (description)
    {
      script_id(18111);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      # Cross-references tying this check to the CVE and the Red Hat advisory.
      script_cve_id("CVE-2005-0755");
      script_xref(name:"RHSA", value:"2005:394");
    
      script_name(english:"RHEL 3 : RealPlayer (RHSA-2005:394)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      # Advisory text as shown to the operator; it names 10.0.4 as the fixed
      # RealPlayer version, matching the realplayer-10.0.4-1 reference tested
      # later in this plugin.
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated RealPlayer package that fixes a buffer overflow issue is
    now available.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    RealPlayer is a media player providing solid media playback locally
    and via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video,
    Flash, SMIL 2.0, JPEG, GIF, PNG, RealPix and RealText and more.
    
    A buffer overflow bug was found in the way RealPlayer processes RAM
    files. An attacker could create a specially crafted RAM file which
    could execute arbitrary code when opened by a user. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2005-0755 to this issue.
    
    All users of RealPlayer are advised to upgrade to this updated
    package, which contains RealPlayer version 10.0.4 and is not
    vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2005-0755.html"
      );
      # NOTE(review): this errata reference is a plain-http URL, unlike the
      # https reference above.
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2005-394.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected realplayer package."
      );
      # CVSS v2 base vector: network access vector, high access complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      # The advisory text above rates the same update "critical", so the CVSS
      # rating and the vendor rating differ; triage on both.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      # Temporal vector: exploitability unproven, official fix available,
      # report confidence confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # NOTE(review): exploit availability is static metadata recorded in this
      # plugin revision (script_cvs_date above), not a live statement --
      # re-verify before relying on it for prioritisation.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a local check against the RHEL 3 realplayer package.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:realplayer");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/21");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Prerequisites. NOTE(review): the check logic later in this plugin also
      # reads "Host/cpu", which is not listed here; it handles a missing value
      # itself by auditing out with AUDIT_UNKNOWN_ARCH.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Stop here in the description pass; nothing below this block runs.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host gating for the RHEL 3 RealPlayer check. Every audit() call below
    # records the reason the plugin does not apply to this host.

    # Local checks must be flagged as enabled in the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # Only the vendor name is tested here; no major-version test is made in
    # this run of statements.
    release = get_kb_item("Host/RedHat/release");
    if (!(!isnull(release) && "Red Hat" >< release))
    {
      audit(AUDIT_OS_NOT, "Red Hat");
    }

    # Without an RPM list there is nothing to compare package versions against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: x86_64, i386-i686 and s390 hosts continue; anything
    # else is audited out as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "s390" >< cpu))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    }
    
    # Detection for RHSA-2005:394: count a finding when rpm_check() reports on
    # the realplayer package for RHEL 3 / i386.
    # NOTE(review): the RHEL major version is constrained only through the
    # release:"RHEL3" argument here -- confirm rpm.inc enforces it.
    flag = 0;
    if (rpm_check(release:"RHEL3", cpu:"i386", reference:"realplayer-10.0.4-1"))
    {
      flag++;
    }

    if (!flag)
    {
      # A single "host not affected" audit covers every negative outcome here;
      # it does not say whether the package was tested or simply not installed.
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # Attach the RPM comparison details only when report verbosity allows it.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-329.NASL
    description--------------------------------------------------------------------- - Sat Mar 19 2005 John (J5) Palmieri <johnp at redhat.com> 1:1.0.4-1.0.fc3.1 - Update to upstream version 1.0.4 to fix 155386 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id19653
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19653
    titleFedora Core 3 : HelixPlayer-1.0.4-1.0.fc3.1 (2005-329)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200504-21.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200504-21 (RealPlayer, Helix Player: Buffer overflow vulnerability) Piotr Bania has discovered a buffer overflow vulnerability in RealPlayer and Helix Player when processing malicious RAM files. Impact : By enticing a user to play a specially crafted RAM file an attacker could execute arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id18121
    published2005-04-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18121
    titleGLSA-200504-21 : RealPlayer, Helix Player: Buffer overflow vulnerability
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-392.NASL
    descriptionAn updated HelixPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. A buffer overflow bug was found in the way HelixPlayer processes RAM files. An attacker could create a specially crafted RAM file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0755 to this issue. All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.4 and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id21932
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21932
    titleCentOS 4 : HelixPlayer (CESA-2005:392)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-363.NASL
    descriptionAn updated RealPlayer package that fixes a buffer overflow issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. RealPlayer is a media player that provides solid media playback locally and via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video, Flash, SMIL 2.0, JPEG, GIF, PNG, RealPix and RealText and more. A buffer overflow bug was found in the way RealPlayer processes RAM files. An attacker could create a specially crafted RAM file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0755 to this issue. All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.4 and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id18108
    published2005-04-21
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18108
    titleRHEL 4 : RealPlayer (RHSA-2005:363)

Oval

accepted2013-04-29T04:12:19.809-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionHeap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.
familyunix
idoval:org.mitre.oval:def:11205
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleHeap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.
version25

Redhat

advisories
  • rhsa
    idRHSA-2005:363
  • rhsa
    idRHSA-2005:392
  • rhsa
    idRHSA-2005:394
rpms
  • HelixPlayer-1:1.0.4-1.1.EL4.2
  • HelixPlayer-debuginfo-1:1.0.4-1.1.EL4.2