-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
Sun Mar 8 21:06:34 CST 2009 Heuristics and Exploiting Vulnerabilities
elhacker.net
Topic: flv2mpeg4: Malformed parameters Denial of Service
======================================================================
Table of Contents
1- Affected Software.
2- Background.
3- Problem Description.
4- Severity
5- Solution
6- Time Table
7- Credits
8- About elhacker.net
======================================================================
1) Affected Software
flv2mpeg4 v1.1
Prior versions may also be affected.
======================================================================
2) Background
flv2mpeg4 allows you to convert a Flash Video / FLV file (YouTube's videos, etc.)
to MPEG4 (AVI/MOV/MP4/MP3/3GP) file online. It is using a compressed domain
transcoder technology (outline in Japanese). It converts FLV to MPEG4 faster
and less lossy than a typical transcoder.
http://www.freebsd.org/cgi/url.cgi?ports/multimedia/flv2mpeg4/pkg-descr
======================================================================
3) Problem Description
flv2mpeg4 takes two parameters: the first is expected to be an FLV file and
the second an MPEG4 output file (AVI/MOV/MP4/MP3/3GP). The problem is that a
typo in the parameters, or a malformed parameter, causes the application to
stop running unexpectedly.
For example:
Anon@localhost % flv2mpeg4 Video.flv Video.mpg
Segmentation fault (core dumped)
In this case the .mpg extension is incorrect.
Anon@localhost % flv2mpeg4 Video.flv `perl -e '{print "A"x4000,".avi"}'`
Segmentation fault (core dumped)
Although the extension is correct in this case, the application does not
handle such a long file name.
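The advisory does not show flv2mpeg4's source, so the root cause of the two
crashes is not established here. As an added example (not code from flv2mpeg4
or from the advisory's author), this is the kind of argument check a converter
with this command line could run before using either path; the names
check_args, check_path, ext_eq and the MAX_ARG_LEN bound are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_ARG_LEN 1024  /* assumed upper bound on an accepted path */

/* Result codes (hypothetical names, not taken from flv2mpeg4). */
enum arg_status { ARG_OK = 0, ARG_MISSING, ARG_TOO_LONG, ARG_BAD_EXT };

/* Output containers named in the advisory's Background section. */
static const char *const OUT_EXTS[] = { "avi", "mov", "mp4", "mp3", "3gp" };
static const char *const IN_EXTS[] = { "flv" };

/* Case-insensitive string equality using only ISO C. */
static int ext_eq(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Check one path: bounded length first, then extension against an allow-list. */
static enum arg_status check_path(const char *p, const char *const *exts, size_t n)
{
    const char *base, *dot;
    size_t i;

    if (p == NULL || *p == '\0')
        return ARG_MISSING;
    if (memchr(p, '\0', MAX_ARG_LEN) == NULL)  /* no terminator within the bound */
        return ARG_TOO_LONG;
    base = strrchr(p, '/');
    base = base ? base + 1 : p;
    dot = strrchr(base, '.');                  /* extension of the last component */
    if (dot == NULL || dot == base)
        return ARG_BAD_EXT;
    for (i = 0; i < n; i++)
        if (ext_eq(dot + 1, exts[i]))
            return ARG_OK;
    return ARG_BAD_EXT;
}

/* Validate both arguments in order: the input .flv, then the output file. */
enum arg_status check_args(const char *in, const char *out)
{
    enum arg_status s = check_path(in, IN_EXTS, sizeof IN_EXTS / sizeof IN_EXTS[0]);

    return s != ARG_OK ? s
         : check_path(out, OUT_EXTS, sizeof OUT_EXTS / sizeof OUT_EXTS[0]);
}
```

A caller would print a usage message and exit non-zero on any status other
than ARG_OK, so both inputs shown above are rejected cleanly.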
======================================================================
4) Severity
Rating: Very low risk
Impact: Denial of service
Where: Local
======================================================================
5) Solution
Run flv2mpeg4 with correct parameters, in the correct order.
======================================================================
6) Time Table
22/12/2008 - Vendor notified.
23/12/2008 - Vendor response.
08/03/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Anon, elhacker.net
======================================================================
8) About elhacker.net
Overall objective of the forum elhacker.net
Promote research and encourage the dissemination of knowledge by providing
a means of information, protecting and fighting for their freedom.
Subforum Heuristics and exploitation of vulnerabilities.
Following the overall objective of the forum, subforum Heuristics and
exploitation of vulnerabilities (Bugs and Exploits), aims at promoting
research into techniques for detection and exploitation of vulnerabilities
in any operating system or program that might allow the execution of
arbitrary code, or any other means which violate the confidentiality,
integrity, or availability of information.
http://foro.elhacker.net/
http://foro.elhacker.net/bugs_y_exploits-b32.0/
=============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAkm0mE4ACgkQd963iVkvICn7GQCeIonHNhFV/pdu7uvuZG4ucq+A
lMEAoIEDL8JsG1mbb2RrAutEN2TaXs/5
=mi4f
-----END PGP SIGNATURE-----