{"cve": [{"lastseen": "2016-09-03T19:15:39", "bulletinFamily": "NVD", "description": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.", "modified": "2014-01-24T14:03:47", "published": "2014-01-23T16:55:04", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6933", "id": "CVE-2013-6933", "title": "CVE-2013-6933", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3156-1 security@debian.org\r\nhttp://www.debian.org/security/ Alessandro Ghedini\r\nFebruary 07, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : liblivemedia\r\nCVE ID : CVE-2013-6933\r\n\r\nA vulnerability was found in liveMedia, a set of C++ libraries for \r\nmultimedia streaming. RTSP messages starting with whitespace were assumed \r\nto have a zero length, triggering an integer underflow, infinite loop, \r\nand then a buffer overflow. 
This could allow remote attackers to cause a \r\ndenial of service (crash) or arbitrary code execution via crafted RTSP \r\nmessages.\r\n\r\nThe packages vlc and mplayer have also been updated to reflect this \r\nimprovement.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in \r\nliblivemedia version 2012.05.17-1+wheezy1, vlc version 2.0.3-5+deb7u2+b1, \r\nand mplayer version 2:1.0~rc4.dfsg1+svn34540-1+deb7u1.\r\n\r\nFor the upcoming stable distribution (jessie), this problem has been \r\nfixed in liblivemedia version 2014.01.13-1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in \r\nliblivemedia version 2014.01.13-1.\r\n\r\nWe recommend that you upgrade your liblivemedia, vlc, and mplayer \r\npackages.\r\n\r\nFurther information about Debian Security Advisories, how to apply these \r\nupdates to your system and frequently asked questions can be found at: \r\nhttps://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n", "modified": "2015-02-23T00:00:00", "published": "2015-02-23T00:00:00", "id": 
"SECURITYVULNS:DOC:31747", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31747", "title": "[SECURITY] [DSA 3156-1] liblivemedia security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:50:30", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3156-1 security@debian.org\nhttp://www.debian.org/security/ Alessandro Ghedini\nFebruary 07, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : liblivemedia\nCVE ID : CVE-2013-6933\n\nA vulnerability was found in liveMedia, a set of C++ libraries for \nmultimedia streaming. RTSP messages starting with whitespace were assumed \nto have a zero length, triggering an integer underflow, infinite loop, \nand then a buffer overflow. This could allow remote attackers to cause a \ndenial of service (crash) or arbitrary code execution via crafted RTSP \nmessages.\n\nThe packages vlc and mplayer have also been updated to reflect this \nimprovement.\n\nFor the stable distribution (wheezy), this problem has been fixed in \nliblivemedia version 2012.05.17-1+wheezy1, vlc version 2.0.3-5+deb7u2+b1, \nand mplayer version 2:1.0~rc4.dfsg1+svn34540-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), this problem has been \nfixed in liblivemedia version 2014.01.13-1.\n\nFor the unstable distribution (sid), this problem has been fixed in \nliblivemedia version 2014.01.13-1.\n\nWe recommend that you upgrade your liblivemedia, vlc, and mplayer \npackages.\n\nFurther information about Debian Security Advisories, how to apply these \nupdates to your system and frequently asked questions can be found at: \nhttps://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-02-07T14:52:17", 
"published": "2015-02-07T14:52:17", "id": "DEBIAN:DSA-3156-1:B051A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00041.html", "title": "[SECURITY] [DSA 3156-1] liblivemedia security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:17:55", "bulletinFamily": "scanner", "description": "The version of VLC media player installed on the remote host is earlier\nthan 2.1.2. As such, it reportedly includes a version of Live Networks'\nLive555 Streaming Media library earlier than 2013.11.29. A buffer\noverflow vulnerability in the 'parseRTSPRequestString()' function in\nthat library exists that could lead to a program crash or arbitrary code\nexecution when handling a specially crafted RTSP message.", "modified": "2018-08-06T00:00:00", "published": "2014-02-04T00:00:00", "id": "VLC_2_1_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72279", "title": "VLC 2.x < 2.1.2 parseRTSPRequestString Function RTSP Command Parsing Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(72279);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2013-6933\", \"CVE-2013-6934\");\n script_bugtraq_id(65131, 65139);\n\n script_name(english:\"VLC 2.x < 2.1.2 parseRTSPRequestString Function RTSP Command Parsing Overflow\");\n script_summary(english:\"Checks VLC version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a media player that is affected by a\nbuffer overflow vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of VLC media player installed on the remote host is earlier\nthan 2.1.2. 
As such, it reportedly includes a version of Live Networks'\nLive555 Streaming Media library earlier than 2013.11.29. A buffer\noverflow vulnerability in the 'parseRTSPRequestString()' function in\nthat library exists that could lead to a program crash or arbitrary code\nexecution when handling a specially crafted RTSP message.\"\n );\n # http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?011ac987\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.live555.com/liveMedia/public/changelog.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 2.1.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vlc_installed.nasl\");\n script_require_keys(\"SMB/VLC/installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/VLC/installed\");\napp_name = \"VLC Media 
Player\";\nversion = get_kb_item_or_exit(\"SMB/VLC/Version\");\npath = get_kb_item_or_exit(\"SMB/VLC/Path\");\n\n# Version must be greater than 2.0 or not vuln. \nfix = \"2.1.2\";\nif (version =~ \"^2\\..*$\" && ver_compare(ver:version, fix: fix, strict:FALSE) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_hole(extra:report, port:port);\n }\n else security_hole(port:port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}