Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:105: xine-lib Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the xine-lib package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:105 (xine-lib).
A number of string overflows were discovered in the xine-lib program, some of
which can be used for remote buffer overflow exploits that lead to the execution
of arbitrary code with the permissions of the user running a xine-lib-based
media application. xine-lib versions 1-rc2 through, and including, 1-rc5 are
vulnerable to these problems.
As well, a heap overflow was found in the DVD subpicture decoder of xine-lib
this vulnerability is also remotely exploitable. All versions of xine-lib prior
to and including 0.5.2 through, and including, 1-rc5 are vulnerable to this
Patches from the xine-lib team have been backported and applied to the program
to solve these problems.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:105
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.