Detections
Analytics
GLSA-200808-01 : xine-lib: User-assisted execution of arbitrary code
high Nessus Plugin ID 33831
Synopsis
The remote Gentoo host is missing one or more security-related patches.Description
The remote host is affected by the vulnerability described in GLSA-200808-01 (xine-lib: User-assisted execution of arbitrary code)Multiple vulnerabilities have been discovered in xine-lib:
Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function in the file input/libreal/sdpplin.c when processing streams from RTSP servers that contain a large 'streamid' SDP parameter (CVE-2008-0073).
Luigi Auriemma reported multiple integer overflows that result in heap-based buffer overflows when processing '.FLV', '.MOV' '.RM', '.MVE', '.MKV', and '.CAK' files (CVE-2008-1482).
Guido Landi reported a stack-based buffer overflow in the demux_nsf_send_chunk() function when handling titles within NES Music (.NSF) files (CVE-2008-1878).
Impact :
A remote attacker could entice a user to play a specially crafted video file or stream with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.
Workaround :
There is no known workaround at this time.
Solution
All xine-lib users should upgrade to the latest version:# emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.13'
See Also
Plugin Details
Severity: High
ID: 33831
File Name: gentoo_GLSA-200808-01.nasl
Version: 1.17
Type: local
Family: Gentoo Local Security Checks
Published: 8/7/2008
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:gentoo:linux:xine-lib, cpe:/o:gentoo:linux
Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/6/2008