|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-14] Kaffeine, gxine: Remotely exploitable buffer overflow Vulnerability Scan
Vulnerability Scan Summary Kaffeine, gxine: Remotely exploitable buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-14
(Kaffeine, gxine: Remotely exploitable buffer overflow)
KF of Secure Network Operations has discovered an overflow that occurs during the Content-Type header processing of Kaffeine. The vulnerable code in Kaffeine is reused from gxine, making gxine vulnerable as well.
Impact
A possible hacker could create a specially-crafted Content-type header from a malicious HTTP server, and crash a user's instance of Kaffeine or gxine, potentially allowing the execution of arbitrary code.
Workaround
There is no known workaround at this time.
References:
http://securitytracker.com/alerts/2004/Oct/1011936.html
http://sourceforge.net/tracker/index.php?func=detail&aid=1060299&group_id=9655&atid=109655
Solution:
All Kaffeine users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.4.3b-r1"
All gxine users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/gxine-0.3.3-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|