DVL 1.5 has now left planning status. Bug Fixing started!


Some new additions: Lazarus IDE, ArgoUML, BlueJ, and updated Firefox plugins. The DVL Wargame is making progress as well!

 
DVL 1.5 now in planning status


DVL 1.5 now has the status "planning". Besides this, we are working on the concept for 2008: more information, more training and better videos (those which are 100% related to DVL). Stay tuned!
 
DVL included MPlayer Buffer Overflow Vulnerability (CVE-2007-2948 and SAID 24302)
Written by Dr. Thorsten Schneider   


A stack overflow was found and reported by Stefan Cornelius of Secunia Research in the code used to handle cddb queries. Two other similar issues were found by Reimar Döffinger while fixing the issue. The vulnerability is identified with CVE-2007-2948 and SAID 24302. When copying the album title and category, no checking was performed on the size of the strings before storing them in a fixed-size array. A malicious entry in the database could trigger a stack overflow in the program, leading to arbitrary code execution with the uid of the user running MPlayer.
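The class of flaw described above, as an added example that is not MPlayer's code or the fix from SVN: a fixed-size record is filled from an untrusted database line, with the unchecked copy shown only in a comment and a length-checked copy used in its place. The struct, the field sizes, the function names and the simplified "category discid title" line format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record; names and sizes are assumed, not taken from MPlayer. */
struct disc_info { char category[16]; char title[64]; };

/* The flawed pattern is an unchecked copy such as
   strcpy(info->title, untrusted);  where the length is never compared to 64. */

/* Bounded copy: reject (rather than truncate) anything that does not fit. */
static int copy_field(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (dst_size == 0) return -1;
    if (len >= dst_size) {          /* need room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse an untrusted "<category> <discid> <title>" line (constructed format). */
int parse_disc_line(const char *line, struct disc_info *info)
{
    const char *sp1 = strchr(line, ' ');
    const char *sp2 = sp1 ? strchr(sp1 + 1, ' ') : NULL;
    if (!sp2) return -1;
    if (copy_field(info->category, sizeof info->category, line, (size_t)(sp1 - line))) return -1;
    return copy_field(info->title, sizeof info->title, sp2 + 1, strlen(sp2 + 1));
}

/* Constructed input: a title of 200 'A' bytes, far larger than title[64]. */
int parse_oversized_title(void)
{
    char line[256] = "rock 00000000 ";
    struct disc_info info;
    size_t n = strlen(line);
    memset(line + n, 'A', 200);
    line[n + 200] = '\0';
    return parse_disc_line(line, &info);
}

int main(void)
{
    struct disc_info info;
    int ok = parse_disc_line("rock 00000000 Artist / Album", &info);
    printf("normal: %d [%s] [%s]; oversized: %d\n", ok, info.category, info.title, parse_oversized_title());
    return 0;
}
```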

Severity

High (arbitrary remote code execution under the user ID running the player) when getting disk information from a malicious cddb entry; none if you do not use this feature. Please note that it is possible to overwrite entries in the cddb database, so an attack can also be performed via a non-compromised server. At the time the buffer overflow was fixed there was no known exploit in the wild.

Solution

A fix for this problem was committed to SVN on Tue Jun 5 11:13:32 2007 UTC as r23470. Users of affected MPlayer versions should download a patch for MPlayer 1.0rc1 or update to the latest version if they're using SVN.


 

DVL Project Tracker

DVL 1.5 (Infectious Disease)

95 %

References

  • IITAC - International Institute (Certification and Training)
  • University of Bielefeld, Germany, Technical Faculty
  • Leibniz University of Hannover, Germany (Secure Software Development Lecture)
  • University of Applied Sciences and Arts Hannover, Germany (Secure Software Development Lecture)
  • East Tennessee State University, U.S. (Ethical Hacking Class)
  • University of the Basque Country, Spain (Computer Security Class)
  • University of Florida, U.S. (Student Infosec Team)
  • Institute Superieur Maritim, Algeria

License


License for Damn Vulnerable Linux distribution

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.


License for training material including all texts, audios and videos

Creative Commons License
This work is licensed under a Creative Commons NonCommercial Sampling Plus 1.0 License.