MPlayer Remote HTTP Header Buffer Overflow Vulnerability

Vulnerability ID: 1107836
Vulnerability type: Boundary condition error
Published: 2004-03-30
Updated: 2005-10-20
CVE ID: CVE-2004-0386
CNNVD-ID: CNNVD-200405-036
Platform: Linux
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/23896
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200405-036
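|Vulnerability details
MPlayer is a Linux-based movie player. Because MPlayer does not correctly handle some HTTP header field data, a remote attacker can exploit this vulnerability to cause a buffer overflow and possibly execute arbitrary instructions on the system with the privileges of the process.

When requesting a file from a web server, MPlayer allocates a buffer to hold the URL-escaped string data. Because bounds are not sufficiently checked, this buffer can overflow. The problem code is as follows (excerpt):

libmpdemux/http.c: http_build_request (line 178):

    if( http_hdr->uri==NULL ) http_set_uri( http_hdr, "/" );
    else {
        /* [1] buffer sized at twice the length of the unescaped URI */
        uri = (char*)malloc( strlen(http_hdr->uri)*2 );
        if( uri==NULL ) {
            mp_msg( MSGT_NETWORK, MSGL_ERR, "Memory allocation failed\n" );
            return NULL;
        }
        /* [2] escaped output is written into uri without a length limit */
        url_escape_string( uri, http_hdr->uri );

URL escaping can turn one character into three (for example, a space is replaced by %22), so the space allocated at [1] is insufficient and an overflow occurs at [2].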
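The sizing error at [1] and a bounded alternative, as an added example (not MPlayer's code and not part of the original advisory). The function names and the simplified escaping rule are assumptions for illustration; the input is constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed rule (not MPlayer's): alnum and "-_.~/" pass, other bytes become %XX. */
static int is_plain(unsigned char c) { return isalnum(c) || (c && strchr("-_.~/", c)); }

/* Returns the escaped length, or -1 if result + NUL does not fit in dstlen bytes. */
long url_escape_bounded(char *dst, size_t dstlen, const char *src) {
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        size_t need = is_plain(c) ? 1 : 3;
        if (need > dstlen - 1 - o) return -1;      /* keep one byte for NUL */
        if (need == 1) { dst[o++] = (char)c; continue; }
        dst[o++] = '%'; dst[o++] = hex[c >> 4]; dst[o++] = hex[c & 15];
    }
    dst[o] = '\0';
    return (long)o;
}

/* Hardened sizing: worst case is 3 output bytes per input byte, plus NUL. */
char *escape_uri_alloc(const char *uri) {
    size_t n = strlen(uri);
    if (n > (SIZE_MAX - 1) / 3) return NULL;       /* 3*n+1 would wrap */
    char *out = malloc(3 * n + 1);
    if (out && url_escape_bounded(out, 3 * n + 1, uri) < 0) { free(out); out = NULL; }
    return out;
}

/* Does a buffer sized like [1], strlen(uri)*2, hold the escaped URI? 1 = yes. */
int fits_in_double(const char *uri) {
    size_t cap = strlen(uri) * 2;
    char *buf = malloc(cap ? cap : 1);
    int ok = buf && url_escape_bounded(buf, cap, uri) >= 0;
    free(buf);
    return ok;
}

int main(void) {
    char uri[1025];                                /* constructed: 1024 double quotes */
    memset(uri, '"', 1024); uri[1024] = '\0';
    printf("strlen*2 buffer holds escaped URI: %d\n", fits_in_double(uri));
    return 0;
}
```

With the bounded routine, an undersized buffer produces an error return instead of a heap write past the allocation.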
|Exploit
source: http://www.securityfocus.com/bid/10008/info

It has been reported that MPlayer is prone to a remote HTTP header buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer bounds on the 'Location' HTTP header during parsing.

Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process. 

Issuing the following command will cause the affected process to crash:
$ mplayer http://`perl -e 'print "\""x1024;'`
|References

Source: US-CERT Vulnerability Note: VU#723910
Name: VU#723910
Link: http://www.kb.cert.org/vuls/id/723910
Source: XF
Name: mplayer-header-bo(15675)
Link: http://xforce.iss.net/xforce/xfdb/15675
Source: BID
Name: 10008
Link: http://www.securityfocus.com/bid/10008
Source: BUGTRAQ
Name: 20040330 Heap overflow in MPlayer
Link: http://www.securityfocus.com/archive/1/359025
Source: GENTOO
Name: GLSA-200403-13
Link: http://security.gentoo.org/glsa/glsa-200403-13.xml
Source: SECUNIA
Name: 11259
Link: http://secunia.com/advisories/11259
Source: BUGTRAQ
Name: 20040330 MPlayer Security Advisory #002 - HTTP parsing vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108067020624076&w=2
Source: www.mplayerhq.hu
Link: http://www.mplayerhq.hu/homepage/design6/news.html
Source: MANDRAKE
Name: MDKSA-2004:026
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:026
