(Mandrake Issues Fix) xine-lib DVD Subpicture Buffer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1011556 |
|
SecurityTracker URL: http://securitytracker.com/id/1011556
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 6 2004
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 0.5.2 - 0.5.x; 0.9.x; 1-alpha.x; 1-beta.x; 1-rc - 1-rc5
|
Description:
A vulnerability was reported in xine-lib in the processing of DVD subpictures. A remote user may be able to execute arbitrary code on the target user's system with the privileges of the target user.
The vendor reported that the DVD subpicture decoder contains a heap overflow. A remote user can create a specially crafted file that, when processed by xine-lib, will trigger the overflow and execute arbitrary code.
If the two DVD subpicture fields are stored in an overlapping manner, the conversion software may exceed the memory allocation when writing the fields.
MPEG files that contain subpictures can also be used to exploit the flaw.
The vendor indicates that the vulnerability is difficult to exploit.
|
Impact:
A remote user can cause arbitrary code to be executed on the target user's system with the privileges of the target user.
|
Solution:
Mandrake has released a fix.
Mandrakelinux 10.0:
10ce6885addcfa3a9ed0380805fcbce6 10.0/RPMS/libxine1-1-0.rc3.6.2.100mdk.i586.rpm
2a1341dfa762f5208673ab20ec5d9092 10.0/RPMS/libxine1-devel-1-0.rc3.6.2.100mdk.i586.rpm
a654845136034c4cdb30ed89a0ca81b7 10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.i586.rpm
e70b118d3bdd2a9a9dc48143601f78a4 10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.i586.rpm
1ff7a30cd60c470f4d89cebfaf33d5f8 10.0/RPMS/xine-dxr3-1-0.rc3.6.2.100mdk.i586.rpm
2be55268cb20ff387313f662d19e5112 10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.i586.rpm
8ea540e75311662ee5db57a0fa38e51a 10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.i586.rpm
ba12f4c0368e6d81f6965c64e13796a0 10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.i586.rpm
253a8c8dac5200fe7afc3d5d502be1ed 10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.i586.rpm
0f65783b02ceea2ee697af41a4406d76 10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
12e4e1ef7a03cee73b025f106de3f05e amd64/10.0/RPMS/lib64xine1-1-0.rc3.6.2.100mdk.amd64.rpm
b04a4aa8e15009fe67e7cbd2b5d7304f amd64/10.0/RPMS/lib64xine1-devel-1-0.rc3.6.2.100mdk.amd64.rpm
dec9a4e10c6c1f3cda08a252bfa54963 amd64/10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.amd64.rpm
76890b85ba9cc2ddd84bc8f7f79e1482 amd64/10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.amd64.rpm
fbf465711eda60e57198666c0c693267 amd64/10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.amd64.rpm
e5921bb72c4a819a685d736301643c4d amd64/10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.amd64.rpm
c79055804621f8ff95ad738a75bcc5d6 amd64/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.amd64.rpm
72781a34d4b3f83d2e4a3e5226ed5942 amd64/10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.amd64.rpm
0f65783b02ceea2ee697af41a4406d76 amd64/10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm
|
Vendor URL: xinehq.de/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Mandriva/Mandrake)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: 6 Oct 2004 19:40:48 -0000
Subject: [Security Announce] MDKSA-2004:105 - Updated xine-lib packages
|
This is a multi-part message in MIME format...
------------=_1097096811-987-1044
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: xine-lib
Advisory ID: MDKSA-2004:105
Date: October 6th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
A number of string overflows were discovered in the xine-lib program,
some of which can be used for remote buffer overflow exploits that
lead to the execution of arbitrary code with the permissions of the
user running a xine-lib-based media application. xine-lib versions
1-rc2 through, and including, 1-rc5 are vulnerable to these problems.
As well, a heap overflow was found in the DVD subpicture decoder of
xine-lib; this vulnerability is also remotely exploitable. All
versions of xine-lib prior to and including 0.5.2 through, and
including, 1-rc5 are vulnerable to this problem.
Patches from the xine-lib team have been backported and applied to
the program to solve these problems.
_______________________________________________________________________
References:
http://xinehq.de/index.php/security/XSA-2004-4
http://xinehq.de/index.php/security/XSA-2004-5
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
10ce6885addcfa3a9ed0380805fcbce6 10.0/RPMS/libxine1-1-0.rc3.6.2.100mdk.i586.rpm
2a1341dfa762f5208673ab20ec5d9092 10.0/RPMS/libxine1-devel-1-0.rc3.6.2.100mdk.i586.rpm
a654845136034c4cdb30ed89a0ca81b7 10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.i586.rpm
e70b118d3bdd2a9a9dc48143601f78a4 10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.i586.rpm
1ff7a30cd60c470f4d89cebfaf33d5f8 10.0/RPMS/xine-dxr3-1-0.rc3.6.2.100mdk.i586.rpm
2be55268cb20ff387313f662d19e5112 10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.i586.rpm
8ea540e75311662ee5db57a0fa38e51a 10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.i586.rpm
ba12f4c0368e6d81f6965c64e13796a0 10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.i586.rpm
253a8c8dac5200fe7afc3d5d502be1ed 10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.i586.rpm
0f65783b02ceea2ee697af41a4406d76 10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
12e4e1ef7a03cee73b025f106de3f05e amd64/10.0/RPMS/lib64xine1-1-0.rc3.6.2.100mdk.amd64.rpm
b04a4aa8e15009fe67e7cbd2b5d7304f amd64/10.0/RPMS/lib64xine1-devel-1-0.rc3.6.2.100mdk.amd64.rpm
dec9a4e10c6c1f3cda08a252bfa54963 amd64/10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.amd64.rpm
76890b85ba9cc2ddd84bc8f7f79e1482 amd64/10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.amd64.rpm
fbf465711eda60e57198666c0c693267 amd64/10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.amd64.rpm
e5921bb72c4a819a685d736301643c4d amd64/10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.amd64.rpm
c79055804621f8ff95ad738a75bcc5d6 amd64/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.amd64.rpm
72781a34d4b3f83d2e4a3e5226ed5942 amd64/10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.amd64.rpm
0f65783b02ceea2ee697af41a4406d76 amd64/10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBZEpAmqjQ0CJFipgRAlxcAJwIKy+YgZjkGEM/FS6iG0WKnXmtGQCgs5vw
o1mdmtdIISSyK1vpnbFzBuo=
=sYnL
-----END PGP SIGNATURE-----
------------=_1097096811-987-1044
Content-Type: text/plain; name="message.footer"
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit
____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
------------=_1097096811-987-1044--
|
|
