Test ID:	1.3.6.1.4.1.25623.1.0.55491
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-826-1)
Summary:	The remote host is missing an update for the Debian 'helix-player' package(s) announced via the DSA-826-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'helix-player' package(s) announced via the DSA-826-1 advisory. Vulnerability Insight: Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources. CAN-2005-1766 Buffer overflow in the RealText parser could allow remote code execution via a specially crafted RealMedia file with a long RealText string. CAN-2005-2710 Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the image handle attribute in a RealPix (.rp) or RealText (.rt) file. For the stable distribution (sarge), these problems have been fixed in version 1.0.4-1sarge1 For the unstable distribution (sid), these problems have been fixed in version 1.0.6-1 We recommend that you upgrade your helix-player package. helix-player was distributed only on the i386 and powerpc architectures Affected Software/OS: 'helix-player' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1766 16981 http://secunia.com/advisories/16981 20050623 RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities&flashstatus=true DSA-826 http://www.debian.org/security/2005/dsa-826 RHSA-2005:517 http://www.redhat.com/support/errata/RHSA-2005-517.html RHSA-2005:523 http://www.redhat.com/support/errata/RHSA-2005-523.html SUSE-SA:2005:037 http://www.novell.com/linux/security/advisories/2005_37_real_player.html http://service.real.com/help/faq/security/050623_player/EN/ oval:org.mitre.oval:def:9509 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9509 Common Vulnerability Exposure (CVE) ID: CVE-2005-2710 Bugtraq: 20050926 RealPlayer && HelixPlayer Remote Format String Exploit (Google Search) http://marc.info/?l=bugtraq&m=112785544325326&w=2 CERT/CC vulnerability note: VU#361181 http://www.kb.cert.org/vuls/id/361181 Debian Security Information: DSA-826 (Google Search) http://marc.info/?l=full-disclosure&m=112775929608219&w=2 http://www.gentoo.org/security/en/glsa/glsa-200510-07.xml http://www.idefense.com/application/poi/display?id=311&type=vulnerabilities http://www.open-security.org/advisories/13 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11015 http://www.redhat.com/support/errata/RHSA-2005-762.html http://www.redhat.com/support/errata/RHSA-2005-788.html http://secunia.com/advisories/16954 http://secunia.com/advisories/16961 http://secunia.com/advisories/17116 http://secunia.com/advisories/17127 http://securityreason.com/securityalert/27 http://securityreason.com/securityalert/41 SuSE Security Announcement: SUSE-SA:2005:059 (Google Search) http://www.novell.com/linux/security/advisories/2005_59_RealPlayer.html
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.