Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200408-01] MPlayer: GUI filename handling overflow Vulnerability Scan
Vulnerability Scan Summary: MPlayer: GUI filename handling overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-01
(MPlayer: GUI filename handling overflow)
The MPlayer GUI code contains several buffer overflow vulnerabilities, and
at least one in the TranslateFilename() function is exploitable.
Impact
By enticing a user to play a file with a carefully crafted filename, an
attacker could execute arbitrary code with the permissions of the user
running MPlayer.
Workaround
To work around this issue, users can compile MPlayer without GUI support by
disabling the gtk USE flag. All users are encouraged to upgrade to the
latest available version of MPlayer.
References:
http://www.securityfocus.com/bid/10615/
http://www.open-security.org/advisories/5
Solution:
All MPlayer users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-video/mplayer-1.0_pre4-r7"
# emerge ">=media-video/mplayer-1.0_pre4-r7"
Threat Level: Medium