Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0902031558250.3146@faron.mitre.org>
Date: Tue, 3 Feb 2009 15:59:43 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- (sort of urgent) gstreamer-plugins-good
 (repost) (more details about affected versions -- final version)


All in all, we have 4 distinct CVE's for the gstreamer issues, partially
based on which bugs appear in gstreamer-plugins.

- Steve

======================================================
Name: CVE-2009-0386
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0386
Acknowledged: yes changelog
Announced: 20090122
Flaw: buf
Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3
Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt
Reference: CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267
Reference: BID:33405
Reference: URL:http://www.securityfocus.com/bid/33405
Reference: FRSIRT:ADV-2009-0225
Reference: URL:http://www.frsirt.com/english/advisories/2009/0225
Reference: SECUNIA:33650
Reference: URL:http://secunia.com/advisories/33650

Heap-based buffer overflow in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers
to execute arbitrary code via crafted Composition Time To Sample
(ctts) atom data in a malformed QuickTime media .mov file.


Analysis:
ABSTRACTION: The researcher lists three issues in the advisory, two
heap overflows and one array index error so these are SPLIT.

ABSTRACTION: One of the heap overflows affects different products than
the other, so they are SPLIT.

ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix
for security advisory TKADV2009-0xx" which references the researcher,
who states "Vendor has released an updated version" and notes the
issue is resolved in the 0.10.12 release.


======================================================
Name: CVE-2009-0387
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0387
Acknowledged: yes changelog
Announced: 20090122
Flaw: other
Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3
Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt
Reference: CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267
Reference: BID:33405
Reference: URL:http://www.securityfocus.com/bid/33405
Reference: FRSIRT:ADV-2009-0225
Reference: URL:http://www.frsirt.com/english/advisories/2009/0225
Reference: SECUNIA:33650
Reference: URL:http://secunia.com/advisories/33650

Array index error in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via crafted Sync Sample (aka stss) atom data in a
malformed QuickTime media .mov file, related to "mark keyframes."


Analysis:
ABSTRACTION: The researcher lists three issues in the advisory, two
heap overflows and one array index error so these are SPLIT.

ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix
for security advisory TKADV2009-0xx" which references the researcher,
who states "Vendor has released an updated version" and notes the
issue is resolved in the 0.10.12 release.


======================================================
Name: CVE-2009-0397
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397
Acknowledged: yes changelog
Announced: 20090122
Flaw: buf
Reference: BUGTRAQ:20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/500317/100/0/threaded
Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3
Reference: MISC:http://trapkit.de/advisories/TKADV2009-003.txt
Reference: CONFIRM:http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
Reference: CONFIRM:http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481267
Reference: BID:33405
Reference: URL:http://www.securityfocus.com/bid/33405
Reference: FRSIRT:ADV-2009-0225
Reference: URL:http://www.frsirt.com/english/advisories/2009/0225
Reference: SECUNIA:33650
Reference: URL:http://secunia.com/advisories/33650

Heap-based buffer overflow in the qtdemux_parse_samples function in
gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka
gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka
gstreamer-plugins) 0.8.5, might allow remote attackers to execute
arbitrary code via crafted Time-to-sample (aka stts) atom data in a
malformed QuickTime media .mov file.


Analysis:
ABSTRACTION: The researcher lists three issues in the advisory, two
heap overflows and one array index error so these are SPLIT.

ABSTRACTION: One of the heap overflows affects different products than
the other, so they are SPLIT.

ACKNOWLEDGEMENT: The vendor states in release notes for 0.10.12: "Fix
for security advisory TKADV2009-0xx" which references the researcher,
who states "Vendor has released an updated version" and notes the
issue is resolved in the 0.10.12 release.

WIKI: The MLIST:[oss-security] 20090129 indicates that vulnerability
[C] is about "QuickTime 'stts' Atom parsing" but then says "QuickTime
Sync Sample Atom parsing." This is incorrect. An stts atom is a
"Time-to-sample atom." (An stss atom is a "Sync Sample Atom.")


======================================================
Name: CVE-2009-0398
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398
Acknowledged: unknown
Announced: 20090129
Flaw: other
Reference: MLIST:[oss-security] 20090129 CVE Request -- (sort of urgent) gstreamer-plugins-good (repost) (more details about affected versions -- final version)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/29/3

Array index error in the gst_qtp_trak_handler function in
gst/qtdemux/qtdemux.c in GStreamer Plug-ins (aka gstreamer-plugins)
0.6.0 allows remote attackers to have an unknown impact via a crafted
QuickTime media file.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.