Detections
Analytics
Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:108)
medium Nessus Plugin ID 21752
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. (CVE-2006-2802)In addition, a possible buffer overflow exists in the AVI demuxer, similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release of xine-lib does not have this issue.
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 21752
File Name: mandrake_MDKSA-2006-108.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 6/24/2006
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64xine1, p-cpe:/a:mandriva:linux:lib64xine1-devel, p-cpe:/a:mandriva:linux:libxine1, p-cpe:/a:mandriva:linux:libxine1-devel, p-cpe:/a:mandriva:linux:xine-aa, p-cpe:/a:mandriva:linux:xine-arts, p-cpe:/a:mandriva:linux:xine-dxr3, p-cpe:/a:mandriva:linux:xine-esd, p-cpe:/a:mandriva:linux:xine-flac, p-cpe:/a:mandriva:linux:xine-gnomevfs, p-cpe:/a:mandriva:linux:xine-image, p-cpe:/a:mandriva:linux:xine-plugins, p-cpe:/a:mandriva:linux:xine-polyp, p-cpe:/a:mandriva:linux:xine-smb, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/20/2006
Reference Information
CVE: CVE-2006-2802
BID: 18187
MDKSA: 2006:108