Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability
OCTOBER 18, 2018
CVE NUMBER
CVE-2018-4013
Summary
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
Tested Versions
Live Networks LIVE555 Media Server Version 0.92
Product URLs
CVSSv3 Score
10.0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
CWE-121: Stack-based Buffer Overflow
Details
The LIVE555 Media Libraries are a lightweight set of multimedia streaming libraries for RTP/RTCP/RTSP/SIP, with code support for both servers and clients. They are utilized by popular media players such as VLC and MPlayer, as well as a multitude of embedded devices (mainly cameras). This vulnerability is in the server component, which interacts with these media players; the media players themselves are not impacted.
One of the features LIVE555 enables in its standard RTSP server is the ability to tunnel RTSP over HTTP. The tunnel is served on a separate port bound by the server, typically TCP 80, 8000, or 8080, depending on which ports are available on the host machine. This port can support normal RTSP, but in certain cases, the HTTP client can negotiate the RTSP-over-HTTP tunnel. The code that handles this feature is:
// liveMedia/RTSPServer.cpp:607
void RTSPServer::RTSPClientConnection::handleRequestBytes(int newBytesRead) {
[...]
// The request was not (valid) RTSP, but check for a special case: HTTP commands
// (for setting up RTSP-over-HTTP tunneling):