FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mplayer -- buffer overflow in the code for RealMedia RTSP streams.

Affected packages
mplayer < 0.99.10_1
mplayer-esound < 0.99.10_1
mplayer-gtk < 0.99.10_1
mplayer-gtk-esound < 0.99.10_1
mplayer-gtk2 < 0.99.10_1
mplayer-gtk2-esound < 0.99.10_1

Details

VuXML ID b2ff68b2-9f29-11db-a4e4-0211d87675b7
Discovery 2006-12-31
Entry 2007-01-08

A potential buffer overflow was found in the code used to handle RealMedia RTSP streams. When checking for matching asm rules, the code stores the results in a fixed-size array, but no boundary checks are performed. This may lead to a buffer overflow if the user is tricked into connecting to a malicious server. Since the attacker can not write arbitrary data into the buffer, creating an exploit is very hard; but a DoS attack is easily made. A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c, stream/realrtsp/asmrp.h and stream/realrtsp/real.c.

References

CVE Name CVE-2006-6172
FreeBSD PR ports/107217
URL http://www.mplayerhq.hu/design7/news.html