MMS Ripper Unspecified Crafted File Issue

2005-07-09T17:57:24
ID OSVDB:17795
Type osvdb
Reporter OSVDB
Modified 2005-07-09T17:57:24

Description

Vulnerability Description

A remote overflow exists in MMS Ripper. The issue is due to a boundary error in the "mms_interp_header()" function when processing stream IDs from Microsoft Media Services MMST streams. With a specially crafted request with more than 20 Stream IDs, an attacker can cause a buffer overflow resulting in a loss of integrity.

Solution Description

Upgrade to version 0.6.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in MMS Ripper. The issue is due to a boundary error in the "mms_interp_header()" function when processing stream IDs from Microsoft Media Services MMST streams. With a specially crafted request with more than 20 Stream IDs, an attacker can cause a buffer overflow resulting in a loss of integrity.

References:

Vendor URL: http://nbenoit.tuxfamily.org/projects.php?rq=mmsrip Vendor Specific News/Changelog Entry: http://nbenoit.tuxfamily.org/projects/mmsrip/ChangeLog Secunia Advisory ID:15987 CVE-2005-2213