Serious Code Execution Vulnerability Discovered in LIVE555 Streaming Library

Critical Vulnerability Discovered in LIVE555 Streaming Media Library

Security researchers have recently identified a critical code execution vulnerability in the LIVE555 streaming media library, a widely utilized framework in various media players and embedded devices for streaming audio and video content. This vulnerability raises significant concerns for businesses reliant on these technologies, as it could expose them to potential exploitation.

LIVE555, developed by Live Networks, consists of C++ libraries that facilitate multimedia streaming via open standard protocols such as RTP, RTCP, RTSP, and SIP. Its versatility allows numerous applications and devices to leverage its capabilities to deliver rich media experiences. However, the recently reported vulnerability—tracked as CVE-2018-4013—poses a serious threat to the integrity and security of systems utilizing this library.

Among the popular software leveraging LIVE555 are renowned media players like VLC and MPlayer. The vulnerability resides in the HTTP packet-parsing functionality of the LIVE555 RTSP server, specifically in the parsing of HTTP headers used for tunneling RTSP over HTTP. According to Cisco Talos, an attacker who sends a specially crafted packet can cause a stack-based buffer overflow, enabling arbitrary code execution.

Talos’ assessment indicates that exploiting this vulnerability requires constructing a packet with multiple ‘Accept:’ or ‘x-sessioncookie’ header strings. When processed, these packets can trigger the stack buffer overflow within the ‘lookForHeader’ function, leading to potential unauthorized access and control.
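A defensive check for the pattern Talos describes, as an added example that is not part of the original article or LIVE555's own code: it counts the 'Accept:' and 'x-sessioncookie' strings in the header block of an HTTP request and flags the request when either appears more than once. The function names and the sample requests are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h> /* strncasecmp (POSIX) */

/* Length of the header block: everything up to the first blank line,
 * or the whole buffer when no blank line is present. */
size_t header_block_len(const char *req, size_t len) {
    for (size_t i = 0; i + 1 < len; i++) {
        if (req[i] == '\n' && (req[i + 1] == '\n' ||
            (req[i + 1] == '\r' && i + 2 < len && req[i + 2] == '\n')))
            return i + 1;
    }
    return len;
}

/* Case-insensitive count of `tok` anywhere in req[0..len). Deliberately
 * conservative: a match inside a header value is counted as well. */
size_t count_token(const char *req, size_t len, const char *tok) {
    size_t tlen = strlen(tok), n = 0;
    for (size_t i = 0; tlen && i + tlen <= len; i++)
        if (strncasecmp(req + i, tok, tlen) == 0) { n++; i += tlen - 1; }
    return n;
}

/* Returns 1 when either string named in the advisory appears more than
 * once in the header block, 0 otherwise. The body is not inspected. */
int has_repeated_tunnel_headers(const char *req, size_t len) {
    size_t h = header_block_len(req, len);
    return count_token(req, h, "Accept:") > 1 ||
           count_token(req, h, "x-sessioncookie") > 1;
}

/* Constructed sample requests, not captured traffic. */
static const char OK_REQ[] = "GET /stream HTTP/1.1\r\nx-sessioncookie: abc123\r\n"
                             "Accept: application/x-rtsp-tunnelled\r\n\r\n";
static const char REPEATED_REQ[] = "GET /stream HTTP/1.1\r\nAccept: a\r\nAccept: b\r\n"
                                   "x-sessioncookie: abc123\r\n\r\n";

int main(void) {
    printf("ok=%d repeated=%d\n",
           has_repeated_tunnel_headers(OK_REQ, sizeof OK_REQ - 1),
           has_repeated_tunnel_headers(REPEATED_REQ, sizeof REPEATED_REQ - 1));
    return 0;
}
```

A check like this belongs in a proxy or IDS rule in front of unpatched devices; it does not replace applying the vendor's patch.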

Cisco Talos confirmed that the vulnerability exists in Live555 Media Server version 0.92, although they speculate earlier versions may also be at risk. The team responsibly disclosed the vulnerability to Live Networks on October 10. The vendor released security patches on October 17, and the details of the vulnerability became public on October 18.

The implications of this vulnerability extend beyond direct exploitation. Given that LIVE555 is integrated into various systems across multiple sectors and uses various video and audio codecs, businesses must assess the potential risks and implement relevant security measures. Recognizing the tactics outlined in the MITRE ATT&CK Matrix provides context to the methodologies that may be applied in such attacks. Techniques such as initial access via vulnerable software libraries, exploitation of public-facing applications, and privilege escalation are certainly pertinent.

As organizations continue to adapt to evolving cybersecurity threats, awareness and prompt action are paramount. Ensuring all relevant software is updated with the latest security patches is critical to defending against this and similar vulnerabilities. Business owners must remain vigilant in their cybersecurity practices to mitigate the risks associated with vulnerabilities that could potentially compromise their operational security.
