lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090309181624.31667.qmail@securityfocus.com>
Date: 9 Mar 2009 18:16:24 -0000
From: Anon@...acker.net
To: bugtraq@...urityfocus.com
Subject: flv2mpeg4: Malformed parameters Denial of Service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
Sun Mar  8 21:06:34 CST 2009        Heuristics and Exploiting Vulnerabilities
                                                                 elhacker.net

Topic: flv2mpeg4: Malformed parameters Denial of Service

======================================================================

Table of Contents

1- Affected Software.
2- Background.
3- Problem Description.
4- Severity
5- Solution
6- Time Table
7- Credits
8- About elhacker.net

======================================================================
1) Affected Software

flv2mpeg4  v1.1

Prior versions may also be affected.

======================================================================
2) Background

flv2mpeg4 allows you convert a Flash Video / FLV file (YouTube's videos,etc)
to MPEG4 (AVI/MOV/MP4/MP3/3GP) file online. It is using a compressed domain
transcoder technology (outline in Japanese). It converts FLV to MPEG4 faster
and less lossy than a typical transcoder.

http://www.freebsd.org/cgi/url.cgi?ports/multimedia/flv2mpeg4/pkg-descr

======================================================================
3) Problem Description

As we can see flv2mpeg4 receives 2 parameters the first is expected to be
a flv file and second mpeg4 (AVI/MOV/MP4/MP3/3GP), the problem is a clerical
error in the parameters or a parameter poorly trained, causing the 
application to stop running unexpectedly

for example:

Anon@...alhost % flv2mpeg4 Video.flv Video.mpg
Segmentation fault (core dumped)

in this mpg extension is incorrect

Anon@...alhost % flv2mpeg4 Video.flv `perl -e '{print "A"x4000,".avi"}'`
Segmentation fault (core dumped)
	
Although the extension is correct in this case, does not allow such a long
file name

======================================================================
4) Severity

Rating: Very low risk
Impact: Denial of service
Where: Local

======================================================================
5) Solution

Run flv2mpeg4 done correctly with the parameters in order

======================================================================
6) Time Table

22/12/2008 - Vendor notified.
23/12/2008 - Vendor response.
08/03/2009 - Public disclosure.

======================================================================
7) Credits

Discovered by Anon, elhacker.net

======================================================================
8) About elhacker.net

Overall objective of the forum elhacker.net
Promote research and encourage the dissemination of knowledge by providing
a means of information, protecting and fighting for their freedom.

Subforum Heuristics and exploitation of vulnerabilities.
Following the overall objective of the forum, subforum Heuristics and 
exploitation of vulnerabilities (Bugs and Exploits), aims at promoting 
research into techniques for detection and exploitation of vulnerabilities
in any operating system or program that might allow the execution of 
arbitrary code, or any other means which violate the confidentiality,
integrity, or availability of information.

http://foro.elhacker.net/
http://foro.elhacker.net/bugs_y_exploits-b32.0/

=============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkm0mE4ACgkQd963iVkvICn7GQCeIonHNhFV/pdu7uvuZG4ucq+A
lMEAoIEDL8JsG1mbb2RrAutEN2TaXs/5
=mi4f
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ