From febfac9141c0c1370f340e5db3e3d2e5fa6a038a Mon Sep 17 00:00:00 2001 From: Jacques Vidrine Date: Wed, 31 Mar 2004 16:52:24 +0000 Subject: Add mplayer and tcpdump issues. Submitted by: Frankye Fattarelli Reported by: Many --- security/vuxml/vuln.xml | 68 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) (limited to 'security/vuxml/vuln.xml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a90325d70092..df0720b37f71 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -30,6 +30,74 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + + mplayer heap overflow in http requests + + + mplayer + mplayer-gtk + mplayer-esound + mplayer-gtk-esound + 0.92.1 + + + + +

A remotely exploitable heap buffer overflow vulnerability was + found in MPlayer's URL decoding code. If an attacker can + cause MPlayer to visit a specially crafted URL, arbitrary code + execution with the privileges of the user running MPlayer may + occur. A `visit' might be caused by social engineering, or a + malicious web server could use HTTP redirects which MPlayer + would then process.

+ + + + http://www.mplayerhq.hu/homepage/design6/news.html + http://marc.theaimsgroup.com/?l=bugtraq&m=108066964709058 + + + + 2004-03-30 + 2004-03-31 + + + + + tcpdump ISAKMP payload handling remote denial-of-service + + + tcpdump + 3.8.3 + + + FreeBSD + 0 + + + + +

Chad Loder has discovered vulnerabilities in tcpdump's + ISAKMP protocol handler. During an audit to repair these + issues, Bill Fenner discovered some related problems.

These vulnerabilities may be used by an attacker to crash a + running `tcpdump' process. They can only be triggered if + the `-v' command line option is being used.

+ + + + http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525 + http://www.rapid7.com/advisories/R7-0017.html + CAN-2004-0183 + CAN-2004-0184 + + + 2004-03-12 + 2004-03-31 + + + zebra/quagga denial of service vulnerability -- cgit v1.2.3