A number of vendors and other entities have addressed significant security flaws in their programs in the last few days. Here’s a roundup:
— iDefense Labs has issued an advisory on flaws in RealPlayer, an application for playing various media formats developed by RealNetworks Inc., and HelixPlayer, the open source version of RealPlayer.
“Remote exploitation of a buffer overflow within RealNetworks’ RealPlayer and HelixPlayer allows attackers to execute arbitrary code in the context of the user,” iDefense said. “The issue specifically exists in the handling of HH:mm:ss.f time formats by the ‘wallclock’ functionality within the code supporting SMIL2.”
— The Massachusetts Institute of Technology (MIT) has fixed several critical Kerberos 5 flaws attackers could exploit to cause a denial of service or take complete control of an affected system. According to the French Security Incident Response Team (FrSIRT), there are three problems:
Attackers could exploit an error in the “gssrpc__svcauth_gssapi()” [src/lib/rpc/svc_auth_gssapi.c] function when processing an RPC credential with a length of zero to crash an affected application or execute arbitrary code.
Attackers could exploit an integer conversion error in the “gssrpc__svcauth_unix()” [src/lib/rpc/svc_auth_unix.c] function when storing an unsigned integer obtained from “IXDR_GET_U_LONG” into a signed integer variable “str_len” to crash an affected application or execute arbitrary code.
Attackers could exploit a stack overflow error in the “rename_principal_2_svc()” [src/kadmin/server/server_stubs.c] function when concatenating the source and destination principal names with the string “to” to crash an affected application or execute arbitrary code.
FrSIRT’s advisory links to the fixes MIT has made available.
Kerberos is a secure method for authenticating a request for a service in a computer network. It was developed in the Athena Project at MIT and is incorporated into a variety of products, including Sun Microsystems’s Enterprise Authentication Mechanism software and its Solaris operating system, Red Hat Linux, MandrakeSoft Linux and Debian Linux.
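The integer conversion error described above belongs to a well-known bug class: a length read from the wire as unsigned is stored in a signed variable, and an upper-bound check then lets negative values through. The C sketch below is an added illustration of that pattern beside a hardened form. It is not MIT's code or its fix, and `MAX_NAME`, `get_u32`, `flawed_length_ok` and `copy_name` are hypothetical names made up for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 255 /* constructed limit for this example */

/* Read a big-endian 32-bit unsigned value, as an XDR decoder would. */
static uint32_t get_u32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the wire length lands in a signed int, so 0xFFFFFFFF
 * becomes -1 on common compilers and passes the upper-bound check.
 * Returns 1 if the length is accepted; the copy itself is left out. */
int flawed_length_ok(const unsigned char *msg, size_t msg_len) {
    if (msg_len < 4) return 0;
    int str_len = (int)get_u32(msg);
    if (str_len > MAX_NAME) return 0; /* -1 is not greater than 255 */
    return 1; /* a later memcpy(dst, msg + 4, str_len) would see SIZE_MAX */
}

/* Hardened form: keep the length unsigned and bound it by the limit, the
 * destination size and the bytes actually received before copying.
 * Returns the number of bytes copied, or -1 if the message is rejected. */
int copy_name(const unsigned char *msg, size_t msg_len,
              char *dst, size_t dst_size) {
    if (msg_len < 4 || dst_size == 0) return -1;
    uint32_t str_len = get_u32(msg);
    if (str_len > MAX_NAME || str_len >= dst_size || str_len > msg_len - 4)
        return -1;
    memcpy(dst, msg + 4, str_len);
    dst[str_len] = '\0';
    return (int)str_len;
}

int main(void) {
    /* Constructed sample messages: 4-byte length followed by the data. */
    const unsigned char bad[8]  = {0xFF, 0xFF, 0xFF, 0xFF, 'r', 'o', 'o', 't'};
    const unsigned char good[8] = {0, 0, 0, 4, 'r', 'o', 'o', 't'};
    char out[MAX_NAME + 1];
    printf("flawed check accepts 0xFFFFFFFF: %d\n", flawed_length_ok(bad, 8));
    printf("hardened, bad length: %d\n", copy_name(bad, 8, out, sizeof out));
    printf("hardened, good length: %d\n", copy_name(good, 8, out, sizeof out));
    return 0;
}
```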
— Symantec has fixed a denial-of-service flaw in its Mail Security for SMTP. The product fails to properly check for boundary errors when parsing executable attachments, and attackers can exploit the problem to cause a denial of service.
“Symantec has released a downloadable update for this issue available through the Platinum Support Web Site for Platinum customers or through the FileConnect - Electronic Software Distribution web site for all licensed users,” the vendor said in its advisory. “Users of Symantec Mail Security for SMTP 5.0.0 are encouraged to upgrade to 5.0.1 and then download and apply the update.”