Bug 561338 – CVE-2009-4247 HelixPlayer / RealPlayer: RTSP client ASM RuleBook stack buffer overflow

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 561338 - (CVE-2009-4247) CVE-2009-4247 HelixPlayer / RealPlayer: RTSP client ASM RuleBook stack buffer overflow

Summary:	CVE-2009-4247 HelixPlayer / RealPlayer: RTSP client ASM RuleBook stack buffer...

Status:	CLOSED ERRATA

Aliases:	CVE-2009-4247

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	urgent Severity urgent
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:	http://web.nvd.nist.gov/view/vuln/det...
Whiteboard:	impact=critical,source=internet,repor...
Keywords:	Security

Depends On:
Blocks:	CVE-2009-0375/CVE-2009-0376/CVE-2009-4241/CVE-2009-4244/CVE-2009-4246
	Show dependency tree / graph

Reported:	2010-02-03 08:22 EST by Tomas Hoger
Modified:	2016-03-04 06:13 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2010-02-09 06:06:54 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2010:0094	normal	SHIPPED_LIVE	Critical: HelixPlayer security update	2010-02-09 05:14:30 EST

Groups: None (edit)

Description Tomas Hoger 2010-02-03 08:22:09 EST

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4247 to the following vulnerability:

RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741;
RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac
RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1;
and Helix Player 10.x, 11.0.0, and 11.0.1 allow remote attackers to have an
unspecified impact via a crafted ASM RuleBook, related to an "array overflow."

References:
http://service.real.com/realplayer/security/01192010_player/en/
http://xforce.iss.net/xforce/xfdb/55802

Comment 1 Tomas Hoger 2010-02-03 08:23:09 EST

Upstream patch:
http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html
https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245

Additional reference:
http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html

Comment 3 errata-xmlrpc 2010-02-09 05:15:52 EST

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0094 https://rhn.redhat.com/errata/RHSA-2010-0094.html

Note You need to log in before you can comment on or make changes to this bug.