Mandriva Update For Mplayer MDVSA-2008:196 (mplayer) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. The updated packages have been patched to fix this issue.

Affected

mplayer on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-1558

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:148 (kernel)
Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
Mandrake Security Advisory MDVSA-2009:005 (xterm)
Mandrake Security Advisory MDVSA-2009:085 (gstreamer0.10-plugins-base)
Mandrake Security Advisory MDVSA-2009:067 (libsndfile)

Mandriva Update for mplayer MDVSA-2008:196 (mplayer)

Take action and discover your vulnerabilities