Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:068 (mplayer)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56616

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:068 (mplayer)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to mplayer
announced via advisory MDKSA-2006:068.

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote
attackers to cause a denial of service and trigger heap-based buffer
overflows via (1) a certain ASF file handled by asfheader.c that causes
the asf_descrambling function to be passed a negative integer after the
conversion from a char to an int or (2) an AVI file with a crafted
wLongsPerEntry or nEntriesInUse value in the indx chunk, which is
handled in aviheader.c.

The updated packages have been patched to prevent this problem.

Affected: 2006.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:068

Risk factor : High

CVSS Score:
5.1

Referencia Cruzada: BugTraq ID: 17295
Common Vulnerability Exposure (CVE) ID: CVE-2006-1502
http://www.securityfocus.com/bid/17295
Bugtraq: 20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows (Google Search)
http://www.securityfocus.com/archive/1/429251/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html
http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:068
http://www.xfocus.org/advisories/200603/11.html
http://www.osvdb.org/24246
http://www.osvdb.org/24247
http://securitytracker.com/id?1015842
http://secunia.com/advisories/19418
http://secunia.com/advisories/19565
http://secunia.com/advisories/19919
http://securityreason.com/securityalert/532
http://securityreason.com/securityalert/647
http://www.vupen.com/english/advisories/2006/1156
XForce ISS Database: mplayer-asfheader-integer-overflow(25513)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25513
XForce ISS Database: mplayer-aviheader-integer-overflow(25514)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25514

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56616
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:068 (mplayer)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mplayer announced via advisory MDKSA-2006:068. Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. The updated packages have been patched to prevent this problem. Affected: 2006.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:068 Risk factor : High CVSS Score: 5.1
Referencia Cruzada:	BugTraq ID: 17295 Common Vulnerability Exposure (CVE) ID: CVE-2006-1502 http://www.securityfocus.com/bid/17295 Bugtraq: 20060329 [xfocus-SD-060329]MPlayer: Multiple integer overflows (Google Search) http://www.securityfocus.com/archive/1/429251/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:068 http://www.xfocus.org/advisories/200603/11.html http://www.osvdb.org/24246 http://www.osvdb.org/24247 http://securitytracker.com/id?1015842 http://secunia.com/advisories/19418 http://secunia.com/advisories/19565 http://secunia.com/advisories/19919 http://securityreason.com/securityalert/532 http://securityreason.com/securityalert/647 http://www.vupen.com/english/advisories/2006/1156 XForce ISS Database: mplayer-asfheader-integer-overflow(25513) https://exchange.xforce.ibmcloud.com/vulnerabilities/25513 XForce ISS Database: mplayer-aviheader-integer-overflow(25514) https://exchange.xforce.ibmcloud.com/vulnerabilities/25514
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com