Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2005:180: xine-lib Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the xine-lib package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2005:180 (xine-lib).

When playing an Audio CD, a xine-lib based media application contacts a CDDB
server to retrieve metadata like the title and artist's name. During processing
of this data, a response from the server, which is located in memory on the
stack, is passed to the fprintf() function as a format string. A possible hacker can
set up a malicious CDDB server and trick the client into using this server
instead of the pre- configured one. Alternatively, any user and therefore the
attacker can modify entries in the official CDDB server. Using this format
string vulnerability, attacker-chosen data can be written to a possible hacker-chosen
memory location. This allows the attacker to alter the control flow and to
execute malicious code with the permissions of the user running the

This problem was reported by Ulf Harnhammar from the Debian Security Audit

The updated packages have been patched to correct this problem.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.