BUGTRAQ ID: 28851
CVE(CAN) ID: CVE-2008-1558
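MPlayer is a Linux-based media player that supports a wide range of media formats.
The sdpplin_parse() function in MPlayer's stream/realrtsp/sdpplin.c contains an integer overflow vulnerability:
sdpplin_parse_stream()
desc->stream_id=atoi(buf);
sdpplin_parse()
desc->stream[stream->stream_id]=stream;
If a media file opened by the user contains an overly long StreamCount SDP parameter, this overflow can be triggered, leading to the execution of arbitrary instructions.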
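
The two statements quoted above take a number from the SDP text with atoi() and use it directly as an array index. As an added example (not MPlayer's or Debian's actual patch), the C code below parses the id strictly and stores the stream only when the id lies inside the allocated table. The names desc_t, stream_t, parse_stream_id(), store_stream() and demo() are hypothetical, and the code assumes stream[] was allocated with stream_count slots.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the SDP description structures. */
typedef struct { int stream_id; } stream_t;
typedef struct {
    int        stream_count;  /* assumed: number of slots allocated in stream[] */
    stream_t **stream;
} desc_t;

/* Parse a decimal stream id strictly. Unlike atoi(), this rejects empty input,
 * trailing garbage, negative values and numbers that do not fit in an int.
 * Returns 0 on success, -1 on any malformed value. */
static int parse_stream_id(const char *buf, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Store the stream only if its id falls inside the allocated table.
 * Returns 0 on success, -1 if the id is malformed or out of bounds. */
static int store_stream(desc_t *desc, stream_t *stream, const char *id_text)
{
    int id;
    if (!desc || !desc->stream || parse_stream_id(id_text, &id) != 0)
        return -1;
    if (id >= desc->stream_count)   /* id is already known to be >= 0 */
        return -1;
    stream->stream_id = id;
    desc->stream[id] = stream;
    return 0;
}

/* Constructed check: a 2-slot table accepts ids 0 and 1 only. Returns 1 if so. */
static int demo(void)
{
    stream_t *slots[2] = { NULL, NULL };
    desc_t desc = { 2, slots };
    stream_t a = { 0 }, b = { 0 };
    return store_stream(&desc, &a, "1") == 0 && slots[1] == &a &&
           store_stream(&desc, &b, "2") == -1 &&
           store_stream(&desc, &b, "-1") == -1;
}
```
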
MPlayer 1.0 rc2
Debian
------
Debian has released a security advisory (DSA-1552-1) and corresponding patches for this issue:
DSA-1552-1: New mplayer packages fix arbitrary code execution
Link: http://www.debian.org/security/2008/dsa-1552
Patch download:
Source archives:
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1.orig.tar.gz
Size/MD5 checksum: 10286260 815482129b79cb9390904b145c5def6c
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3.diff.gz
Size/MD5 checksum: 81742 54e2210e0f0eaa596acf6210b050fb50
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3.dsc
Size/MD5 checksum: 1265 6ccb62e72b94fa4c797975a36766bb45
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc1-12etch3_all.deb
Size/MD5 checksum: 2053074 2a88c44b4fa0e754660948ea7e42b8e4
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_alpha.deb
Size/MD5 checksum: 4707708 444e5067e94888747c62ea39b9ce1938
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_amd64.deb
Size/MD5 checksum: 4372894 8f8fb89d21cfc0d8eb028451208f6fb9
arm architecture (ARM)
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_arm.deb
Size/MD5 checksum: 4325350 4ee43a3fa256b3e76aae898df3286ace
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_hppa.deb
Size/MD5 checksum: 4384442 4a9e2e68d4edcccd7f3bd4b08d1ac4c5
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_i386.deb
Size/MD5 checksum: 4421502 c0bfb3da63001b23532ff69750888a8e
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_ia64.deb
Size/MD5 checksum: 5842288 8d1fca3a56bbf0faafb39c6ebefd6c92
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_mips.deb
Size/MD5 checksum: 4274728 b51101e7fa8fb0ab197fd84ea9d36c59
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_mipsel.deb
Size/MD5 checksum: 4278972 bac174ec794adbcf9f9e4cc44951781e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_powerpc.deb
Size/MD5 checksum: 4342252 2a30381673555b1626c407c5cfad56a3
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_s390.deb
Size/MD5 checksum: 4163070 81d36ad30bdefeaf77c4531fe4db5cb1
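Patch installation:
1. Install the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch package automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade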
MPlayer
-------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
http://www.mplayerhq.hu/homepage/design6/news.html