Vulnerabilities > CVE-2008-0073 - Numeric Errors vulnerability in Xine Xine-Lib 1.1.10.1

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
redhat
xine
CWE-189
nessus
exploit available
NVD
Published: 2008-03-24
Updated: 2017-08-08

Summary

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Vulnerable Configurations

Part Description Count
OS
Redhat
1
Application
Xine
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionKantaris 0.3.4 SSA Subtitle Local Buffer Overflow Exploit. CVE-2007-6681,CVE-2008-0073,CVE-2008-0295,CVE-2008-0296,CVE-2008-0984,CVE-2008-1489,CVE-2008-1769....
idEDB-ID:5498
last seen2016-01-31
modified2008-04-25
published2008-04-25
reporterj0rgan
sourcehttps://www.exploit-db.com/download/5498/
titleKantaris 0.3.4 SSA Subtitle Local Buffer Overflow Exploit

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1536.NASL
    descriptionSeveral local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1246 / CVE-2007-1387 The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only). - CVE-2008-0073 Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. - CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only). - CVE-2008-1161 Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.
    last seen2020-06-01
    modified2020-06-02
    plugin id31721
    published2008-04-01
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31721
    titleDebian DSA-1536-1 : libxine - several vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-178.NASL
    descriptionAlin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-0073). The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program (CVE-2008-1110). The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file (CVE-2008-1161). Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-1482). Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id36948
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36948
    titleMandriva Linux Security Advisory : xine-lib (MDVSA-2008:178)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-2945.NASL
    descriptionThis updates xine-lib to 1.1.11.1, which fixes the following security vulnerabilities: CVE-2008-0073 array indexing (fixed in 1.1.11), CVE-2008-1482 integer overflow (fixed in 1.1.11.1). It also provides a versioned xine-lib (plugin-abi) so 3rd party packages installing plugins can use it instead of requiring a version of xine-lib. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31818
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31818
    titleFedora 7 : xine-lib-1.1.11.1-1.fc7 (2008-2945)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XINE-DEVEL-5113.NASL
    descriptionThis update fixes a bug in the function sdpplin_parse() that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. (CVE-2008-0073)
    last seen2020-06-01
    modified2020-06-02
    plugin id31716
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31716
    titleopenSUSE 10 Security Update : xine-devel (xine-devel-5113)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1543.NASL
    descriptionLuigi Auriemma, Alin Rad Pop, Remi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc. The Common Vulnerabilities and Exposures project identifies the following eight problems : - CVE-2007-6681 A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file. - CVE-2007-6682 A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code. - CVE-2007-6683 Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened. - CVE-2008-0295, CVE-2008-0296 Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously crafted RTSP stream is played. - CVE-2008-0073 Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream. - CVE-2008-0984 Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously crafted MP4 file is opened. - CVE-2008-1489 An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously crafted MP4 file is opened.
    last seen2020-06-01
    modified2020-06-02
    plugin id31949
    published2008-04-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31949
    titleDebian DSA-1543-1 : vlc - several vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200808-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200808-01 (xine-lib: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in xine-lib: Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function in the file input/libreal/sdpplin.c when processing streams from RTSP servers that contain a large
    last seen2020-06-01
    modified2020-06-02
    plugin id33831
    published2008-08-07
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33831
    titleGLSA-200808-01 : xine-lib: User-assisted execution of arbitrary code
  • NASL familyWindows
    NASL idVLC_0_8_6F.NASL
    descriptionThe version of VLC Media Player installed on the remote host reportedly is affected by several security issues : - A subtitle buffer overflow (CVE-2007-6681). - A Real RTSP code execution problem (CVE-2008-0073). - MP4 integer overflows (CVE-2008-1489). - A cinepak integer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id31853
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31853
    titleVLC Media Player < 0.8.6f Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-25.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-25 (VLC: User-assisted execution of arbitrary code) Multiple vulnerabilities were found in VLC: Luigi Auriemma discovered that the stack-based buffer overflow when reading subtitles, which has been reported as CVE-2007-6681 in GLSA 200803-13, was not properly fixed (CVE-2008-1881). Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function when processing streams from RTSP servers in Xine code, which is also used in VLC (CVE-2008-0073). Drew Yao and Nico Golde reported an integer overflow in the MP4_ReadBox_rdrf() function in the file libmp4.c leading to a heap-based buffer overflow when reading MP4 files (CVE-2008-1489). Drew Yao also reported integer overflows in the MP4 demuxer, the Real demuxer and in the Cinepak codec, which might lead to buffer overflows (CVE-2008-1768). Drew Yao finally discovered and a boundary error in Cinepak, which might lead to memory corruption (CVE-2008-1769). Impact : A remote attacker could entice a user to open a specially crafted media file or stream, possibly resulting in the remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id32045
    published2008-04-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32045
    titleGLSA-200804-25 : VLC: User-assisted execution of arbitrary code
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XINE-DEVEL-5116.NASL
    descriptionThis update fixes a bug in the function sdpplin_parse() that allowed remote attackers to access process memory out-of a buffers bound. This vulnerability can be used to execute arbitrary code remotely if successfully exploited. (CVE-2008-0073)
    last seen2020-06-01
    modified2020-06-02
    plugin id31723
    published2008-04-01
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31723
    titleSuSE 10 Security Update : xine (ZYPP Patch Number 5116)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-635-1.NASL
    descriptionAlin Rad Pop discovered an array index vulnerability in the SDP parser. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0073) Luigi Auriemma discovered that xine-lib did not properly check buffer sizes in the RTSP header-handling code. If xine-lib opened an RTSP stream with crafted SDP attributes, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0225, CVE-2008-0238) Damian Frizza and Alfredo Ortega discovered that xine-lib did not properly validate FLAC tags. If a user or automated system were tricked into opening a crafted FLAC file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0486) It was discovered that the ASF demuxer in xine-lib did not properly check the length if the ASF header. If a user or automated system were tricked into opening a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1110) It was discovered that the Matroska demuxer in xine-lib did not properly verify frame sizes. If xine-lib opened a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1161) Luigi Auriemma discovered multiple integer overflows in xine-lib. If a user or automated system were tricked into opening a crafted FLV, MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1482) It was discovered that xine-lib did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1686) Guido Landi discovered a stack-based buffer overflow in xine-lib when processing NSF files. If xine-lib opened a specially crafted NSF file with a long NSF title, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1878). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33940
    published2008-08-20
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33940
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xine-lib vulnerabilities (USN-635-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-089-03.NASL
    descriptionNew xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31708
    published2008-03-31
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31708
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / current : xine-lib (SSA:2008-089-03)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-2569.NASL
    description - Wed Mar 19 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.11-1 - 1.1.11 (security update, #438182, CVE-2008-0073). - Drop jack and wavpack build conditionals. - Specfile cleanups. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31665
    published2008-03-26
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31665
    titleFedora 8 : xine-lib-1.1.11-1.fc8 (2008-2569)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-219.NASL
    descriptionA vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer (CVE-2008-0073). Several integer overflows were discovered by Felipe Andres Manzano in MPlayer
    last seen2020-06-01
    modified2020-06-02
    plugin id37535
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37535
    titleMandriva Linux Security Advisory : mplayer (MDVSA-2008:219)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/64874/mplayer-overflowpoc.txt
idPACKETSTORM:64874
last seen2016-12-05
published2008-03-26
reporterk'sOSe
sourcehttps://packetstormsecurity.com/files/64874/mplayer-overflowpoc.txt.html
titlemplayer-overflowpoc.txt

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:8213
    last seen2017-11-19
    modified2008-03-26
    published2008-03-26
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-8213
    titleMPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC
  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 28312 CVE(CAN) ID: CVE-2008-0073 xine是一款免费的媒体播放器,支持多种格式。 xine的input/libreal/sdpplin.c文件中的sdpplin_parse()函数存在缓冲区溢出漏洞,如果恶意的RTSP流中包含有超长的SDP参数的话,就可能触发这个溢出,导致执行任意指令。 xine-lib 1.1.10.1 xine ---- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://xinehq.de/ target=_blank>http://xinehq.de/</a>
    idSSV:3072
    last seen2017-11-19
    modified2008-03-21
    published2008-03-21
    reporterRoot
    titlexine-lib sdpplin_parse()函数远程溢出漏洞

References