|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200408-18] xine-lib: VCD MRL buffer overflow Vulnerability Scan
Vulnerability Scan Summary xine-lib: VCD MRL buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-18
(xine-lib: VCD MRL buffer overflow)
xine-lib contains a bug where it is possible to overflow the vcd:// input
source identifier management buffer through carefully crafted playlists.
Impact
A possible hacker may construct a carefully-crafted playlist file which will
cause xine-lib to execute arbitrary code with the permissions of the user.
In order to conform with the generic naming standards of most Unix-like
systems, playlists can have extensions other than .asx (the standard xine
playlist format), and made to look like another file (MP3, AVI, or MPEG for
example). If a possible hacker crafts a playlist with a valid header, they can
insert a VCD playlist line that can cause a buffer overflow and possible
shellcode execution.
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of xine-lib.
References:
http://www.open-security.org/advisories/6
Solution:
All xine-lib users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-libs/xine-lib-1_rc5-r3"
# emerge ">=media-libs/xine-lib-1_rc5-r3"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|