SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Multimedia)  >   xine Vendors:   xinehq.de
(Gentoo Issues Fix) xine Buffer Overflow in Processing 'vcd' Identifiers Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1010973
SecurityTracker URL:  http://securitytracker.com/id/1010973
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 18 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.99.2
Description:   A buffer overflow vulnerability was reported in xine in the processing of 'vcd://' protocol identifiers. A remote user can execute arbitrary code on the target system.

c0ntex at open-security.org reported that a remote user can trigger a stack overflow in xine-lib by embedding a specially crafted source identifier within a playlist file, for example. When the target user plays the file, arbitrary code can be executed with the privileges of the target user.

The vendor was reportedly notified on July 11, 2004.

A demonstration exploit is included within the original advisory, available at:

http://www.open-security.org/advisories/6
Impact:   A remote user can cause arbitrary code to be executed by a target user with the privileges of the target user.
Solution:   Gentoo has released a fix and indicates that all xine-lib users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=media-libs/xine-lib-1_rc5-r3"
# emerge ">=media-libs/xine-lib-1_rc5-r3"
Vendor URL:  xinehq.de/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 8 2004 xine Buffer Overflow in Processing 'vcd' Identifiers Lets Remote Users Execute Arbitrary Code


 Source Message Contents
Date:  Tue, 17 Aug 2004 22:29:52 +0000
Subject:  [gentoo-announce] [ GLSA 200408-18 ] xine-lib: VCD MRL buffer overflow



--KsuvaXFE0ttsM3Is
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200408-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: xine-lib: VCD MRL buffer overflow
      Date: August 17, 2004
      Bugs: #59948
        ID: 200408-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

xine-lib contains an exploitable buffer overflow in the VCD handling
code

Background
==========

xine-lib is a multimedia library which can be utilized to create
multimedia frontends.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /   Vulnerable   /                Unaffected
    -------------------------------------------------------------------
  1  media-libs/xine-lib      <= 1_rc5-r2                  >= 1_rc5-r3

Description
===========

xine-lib contains a bug where it is possible to overflow the vcd://
input source identifier management buffer through carefully crafted
playlists.

Impact
======

An attacker may construct a carefully-crafted playlist file which will
cause xine-lib to execute arbitrary code with the permissions of the
user. In order to conform with the generic naming standards of most
Unix-like systems, playlists can have extensions other than .asx (the
standard xine playlist format), and made to look like another file
(MP3, AVI, or MPEG for example). If an attacker crafts a playlist with
a valid header, they can insert a VCD playlist line that can cause a
buffer overflow and possible shellcode execution.

Workaround
==========

There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of xine-lib.

Resolution
==========

All xine-lib users should upgrade to the latest version:

    # emerge sync

    # emerge -pv ">=media-libs/xine-lib-1_rc5-r3"
    # emerge ">=media-libs/xine-lib-1_rc5-r3"

References
==========

  [ 1 ] Open Security Advisory
        http://www.open-security.org/advisories/6

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200408-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

--KsuvaXFE0ttsM3Is
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBIobgJPpRNiftIEYRAhG8AKCI45vjk343zmCJrv7oBwtYqEPTnwCeLYd4
Kijw45KIbit6CVnWY2OJVe8=
=RHXX
-----END PGP SIGNATURE-----

--KsuvaXFE0ttsM3Is--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC