[gull-annonces] Summary of SecurityFocus Newsletter #348

Marc SCHAEFER schaefer at alphanet.ch
Wed May 3 09:04:43 CEST 2006


ASTERISK JPEG FILE HANDLING INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 17561
Last Updated: 2006-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17561
Summary:
  Asterisk is prone to an integer-overflow vulnerability.

  This issue arises when the application handles a malformed
  JPEG file.

  An attacker could exploit this vulnerability to execute arbitrary
  code in the context of the vulnerable application.

ASTERISK VOICEMAIL UNAUTHORIZED ACCESS VULNERABILITY
BugTraq ID: 15336
Last Updated: 2006-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15336
Summary:
  Asterisk is prone to an unauthorized-access vulnerability. This
  issue is due to a failure in the application to properly verify user-
  supplied input.

  Successful exploitation will grant an attacker access to a victim
  user's voicemail and to any '.wav/.WAV' files currently on the
  affected system.

CLAM ANTIVIRUS FRESHCLAM REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17754
Last Updated: 2006-05-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17754
Summary:
  ClamAV's freshclam utility is susceptible to a remote buffer-
  overflow vulnerability. The utility fails to perform sufficient
  boundary checks in server-supplied HTTP data before copying it to an
  insufficiently sized memory buffer.

  To exploit this issue, attackers must subvert webservers in the
  ClamAV database server pool. Or, they would perform DNS-based
  attacks or man-in-the-middle attacks to cause affected freshclam
  applications to connect to attacker-controlled webservers.

  This issue allows remote attackers to execute arbitrary machine code
  in the context of the freshclam utility. The affected utility may
  run with superuser privileges, aiding remote attackers in the
  complete compromise of affected computers.

  ClamAV versions 0.88 and 0.88.1 are affected by this issue.

ETHEREAL MULTIPLE PROTOCOL DISSECTOR VULNERABILITIES IN VERSIONS PRIOR
BugTraq ID: 17682
Last Updated: 2006-05-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17682
Summary:
  Several vulnerabilities in Ethereal have been disclosed by the
  vendor. The reported issues are in various protocol dissectors.
  These issues include:

  - Buffer-overflow vulnerabilities
  - Denial-of-service vulnerabilities
  - Infinite loop denial-of-service vulnerabilities
  - Unspecified denial-of-service vulnerabilities
  - Off-by-one overflow vulnerabilities

  These issues could allow remote attackers to execute arbitrary
  machine code in the context of the vulnerable application. Attackers
  could also crash the affected application.

  Various vulnerabilities affect different versions of Ethereal, from
  0.8.5 through to 0.10.14.

LIBTIFF DOUBLE FREE MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 17733
Last Updated: 2006-04-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17733
Summary:
  Applications using the LibTIFF library are prone to a double-free
  vulnerability; a fix is available.

  Attackers may be able to exploit this issue to cause denial-of-
  service conditions in affected applications using a vulnerable
  version of the library; arbitrary code execution may also be
  possible.

LIBTIFF MULTIPLE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17730
Last Updated: 2006-04-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17730
Summary:
  LibTIFF is affected by multiple denial-of-service vulnerabilities.

  An attacker can exploit these vulnerabilities to cause a denial of
  service in applications using the affected library.

LIBTIFF TIFFFETCHDATA INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 17732
Last Updated: 2006-04-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17732
Summary:
  Applications using the LibTIFF library are prone to an integer-
  overflow vulnerability.

  An attacker could exploit this vulnerability to execute arbitrary
  code in the context of the vulnerable application that uses the
  affected library. Failed exploit attempts will likely cause denial-of-
  service conditions.

LINUX KERNEL 64-BIT SMP ROUTING_IOCTL() LOCAL DENIAL OF SERVICE
BugTraq ID: 14902
Last Updated: 2006-04-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14902
Summary:
  A local denial-of-service vulnerability affects the Linux kernel on
  64-bit Symmetric Multi-Processor (SMP) platforms.

  Specifically, the vulnerability presents itself due to an omitted
  call to the 'sockfd_put()' function in the 32-bit-compatible
  'routing_ioctl()' function.

  The 32-bit-compatible 'tiocgdev ioctl()' function on x86-64
  platforms is affected by this issue as well.

LINUX KERNEL CIFS CHROOT SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 17742
Last Updated: 2006-04-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17742
Summary:
  The Linux Kernel is prone to a vulnerability that allows attackers
  to bypass a security restriction. This issue is due to a failure in
  the kernel to properly sanitize user-supplied data.

  The problem affects chroot inside of an SMB-mounted filesystem
  ('cifs'). A local attacker who is bounded by the chroot can exploit
  this issue to bypass the chroot restriction and gain unauthorized
  access to the filesystem.

LINUX KERNEL FIB_SEQ_START LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 13267
Last Updated: 2006-04-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13267
Summary:
  A local denial-of-service vulnerability affects the Linux kernel.

  A local attacker may leverage this issue to cause an affected Linux
  kernel to panic, effectively denying service to legitimate users.

  Although only the Linux kernel version 2.6.9 is reported vulnerable,
  other versions are likely vulnerable as well.

LINUX KERNEL FILE LOCK LEASE LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15745
Last Updated: 2006-05-02
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15745
Summary:
  Linux kernel is susceptible to a local denial-of-service
  vulnerability.

  This issue is triggered when excessive kernel memory is consumed by
  numerous file-lock leases. This problem stems from a memory leak in
  the kernel's file-lock lease code.

  This issue allows local attackers to consume excessive kernel
  memory, eventually leading to an out-of-memory condition and
  ultimately to a denial of service for legitimate users.

  Kernel versions from 2.6.10 through to 2.6.14.2 are vulnerable to
  this issue.

LINUX KERNEL INVALIDATE_INODE_PAGES2 LOCAL INTEGER OVERFLOW
VULNERABILITY
BugTraq ID: 15846
Last Updated: 2006-05-02
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15846
Summary:
  Linux kernel is prone to a local integer-overflow vulnerability.

  A successful attack can result in a kernel crash. Arbitrary code
  execution may be possible as well, but this has not been confirmed.

  All 2.6.x versions of the Linux kernel are considered vulnerable at
  the moment.

LINUX KERNEL IPV6 LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15156
Last Updated: 2006-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15156
Summary:
  Linux Kernel is reported prone to a local denial-of-service
  vulnerability.

  This issue arises from an infinite loop when binding IPv6 UDP ports.

LINUX KERNEL IPV6 FLOWLABEL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15729
Last Updated: 2006-05-02
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15729
Summary:
  Linux Kernel is prone to a local denial-of-service vulnerability.

  Local attackers can exploit this vulnerability to corrupt kernel
  memory or free non-allocated memory. Successful exploitation will
  crash the kernel, effectively denying service to legitimate users.

LINUX KERNEL ISO FILE SYSTEM DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14614
Last Updated: 2006-04-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14614
Summary:
  The kernel driver for compressed ISO filesystems is prone to a denial-of-
  service vulnerability. This issue is due to a failure in the driver
  to properly sanitize input data.

  When attempting to mount a malicious compressed ISO image, the
  kernel crashes.

LINUX KERNEL MULTIPLE SECURITY VULNERABILITIES
BugTraq ID: 15049
Last Updated: 2006-04-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15049
Summary:
  Linux kernel is prone to multiple vulnerabilities. These issues may
  allow local and remote attackers to trigger denial-of-service
  conditions or to access sensitive kernel memory.

  Linux kernel 2.6.x versions are known to be vulnerable at the
  moment. Other versions may be affected as well.

LINUX KERNEL NAT HANDLING MEMORY CORRUPTION DENIAL OF SERVICE
BugTraq ID: 15531
Last Updated: 2006-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15531
Summary:
  Linux Kernel is reported prone to a denial-of-service vulnerability.

  Due to a design error in the kernel, an attacker can cause a memory
  corruption that will ultimately crash the kernel, denying service to
  legitimate users.

LINUX KERNEL NETFILTER IPT_RECENT REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 14791
Last Updated: 2006-04-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14791
Summary:
  Linux Kernel is reported prone to a local denial-of-service
  vulnerability.

  An attacker can exploit this issue by sending specially crafted
  packets to a vulnerable computer employing the 'ipt_recent' module.

  A successful attack can cause a denial-of-service condition.

LINUX KERNEL POSIX TIMER CLEANUP HANDLING LOCAL DENIAL OF SERVICE
BugTraq ID: 15722
Last Updated: 2006-05-02
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15722
Summary:
  A local denial-of-service vulnerability affects the Linux kernel.

  The vulnerability arises due to a race-condition error in the
  handling of POSIX timer cleanup routines.

  A successful attack can result in a kernel crash.

  Linux kernel versions 2.6.10 to 2.6.14 are vulnerable to this issue.

LINUX KERNEL PTRACE CLONE_THREAD LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15642
Last Updated: 2006-05-02
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15642
Summary:
  Linux kernel is susceptible to a local denial-of-service
  vulnerability.

  In instances where a process is created via the 'clone()' system
  call with the 'CLONE_THREAD' argument ptraced, the kernel fails to
  properly ensure that the ptracing process is not attempting to
  trace itself.

  This issue allows local users to crash the kernel, denying service
  to legitimate users.

  Kernel versions prior to 2.6.14.2 are vulnerable to this issue.

LINUX KERNEL PTRACED CHILD AUTO-REAP LOCAL DENIAL OF SERVICE
BugTraq ID: 15625
Last Updated: 2006-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15625
Summary:
  Linux kernel is susceptible to a local denial-of-service
  vulnerability.

  The kernel improperly auto-reaps processes when they are being
  ptraced, leading to an invalid pointer. Further operations on this
  pointer result in a kernel crash.

  This issue allows local users to crash the kernel, denying service
  to legitimate users.

  Kernel versions prior to 2.6.15 are vulnerable to this issue.

LINUX KERNEL RAW_SENDMSG() KERNEL MEMORY ACCESS VULNERABILITY
BugTraq ID: 14787
Last Updated: 2006-04-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14787
Summary:
  Linux Kernel is prone to a kernel memory-access vulnerability.

  This issue affects the 'raw_sendmsg()' function and can allow a
  local attacker to access kernel memory or manipulate the hardware
  state due to unauthorized access to I/O ports.

  Linux kernel 2.6.10 is reportedly vulnerable, but other versions are
  likely to be affected as well.

LINUX KERNEL SCSI PROCFS DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14790
Last Updated: 2006-04-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14790
Summary:
  The Linux kernel is prone to a denial-of-service vulnerability. The
  kernel is affected by a memory leak, which eventually can result in
  a denial of service.

  A local attacker can exploit this vulnerability by making repeated
  reads to the '/proc/scsi/sg/devices' file, which will exhaust kernel
  memory and lead to a denial of service.

LINUX KERNEL SMBFS CHROOT SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 17735
Last Updated: 2006-04-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17735
Summary:
  The Linux Kernel is prone to a vulnerability that allows attackers
  to bypass a security restriction. This issue is due to a failure in
  the kernel to properly sanitize user-supplied data.

  The problem affects chroot inside of an SMB-mounted filesystem
  ('smbfs'). A local attacker who is bounded by the chroot can exploit
  this issue to bypass the chroot restriction and gain unauthorized
  access to the filesystem.

LINUX KERNEL SENDMSG() LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14785
Last Updated: 2006-04-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14785
Summary:
  Linux kernel is prone to a local buffer-overflow vulnerability.

  The vulnerability affects 'sendmsg()' when malformed user-supplied
  data is copied from userland to kernel memory.

  A successful attack can allow a local attacker to trigger an
  overflow, which may lead to a denial-of-service condition due to
  memory corruption. Arbitrary code execution resulting in privilege
  escalation is possible as well.

LINUX KERNEL USB SUBSYSTEM LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14955
Last Updated: 2006-04-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14955
Summary:
  A local denial-of-service vulnerability affects the Linux kernel's
  USB subsystem. This issue is due to the kernel's failure to
  properly handle unexpected conditions when trying to handle URBs
  (USB Request Blocks).

  Local attackers may exploit this vulnerability to trigger a kernel
  'oops' on computers where the vulnerable USB subsystem is enabled.
  This would deny service to legitimate users.

LINUX KERNEL ZLIB INVALID MEMORY ACCESS LOCAL DENIAL OF SERVICE
BugTraq ID: 14719
Last Updated: 2006-04-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14719
Summary:
  The Linux kernel is reported prone to a local denial-of-service
  vulnerability. This issue arises because the software fails to
  handle exceptional conditions in a proper manner.

  This can allow a local attacker to deny service to legitimate
  users due to a kernel oops. Since the zlib library is used
  throughout the kernel, attackers may likely find various avenues
  to exploit this issue.

LINUX KERNEL ZLIB LOCAL NULL POINTER DEREFERENCE DENIAL OF SERVICE
BugTraq ID: 14720
Last Updated: 2006-04-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14720
Summary:
  The Linux kernel is prone to a denial-of-service vulnerability. This
  issue is due to a failure in the application to properly handle
  malformed compressed files.

  An attacker can exploit this vulnerability to cause a kernel crash,
  effectively denying service to legitimate users.

LINUX ORINOCO DRIVER REMOTE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 15085
Last Updated: 2006-04-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
  The Orinoco drivers for Linux kernels are susceptible to a remote
  information-disclosure vulnerability. This issue is due to the
  driver sending uninitialized kernel memory in small network packets.

  Remote attackers may exploit this issue to access potentially
  sensitive kernel memory, aiding them in further attacks.

MPLAYER MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 17295
Last Updated: 2006-05-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17295
Summary:
  MPlayer is susceptible to two integer-overflow vulnerabilities. An
  attacker may exploit these issues to execute arbitrary code with the
  privileges of the user that activated the vulnerable application.
  This may help the attacker gain unauthorized access or escalate
  privileges.

  MPlayer version 1.0.20060329 is affected by these issues; other
  versions may also be affected.

MOZILLA FIREFOX LARGE HISTORY FILE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15773
Last Updated: 2006-04-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
  Mozilla Firefox is reportedly prone to a remote denial-of-service
  vulnerability.

  This issue presents itself when the browser handles a large entry in
  the 'history.dat' file. An attacker may trigger this issue by
  enticing a user to visit a malicious website and by supplying
  excessive data to be stored in the affected file.

  This may cause a denial-of-service condition.

  **UPDATE: Proof-of-concept exploit code has been published. The
  author of the code attributes the crash to a buffer-overflow
  condition. Symantec has not reproduced the alleged flaw.

MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
BugTraq ID: 17516
Last Updated: 2006-05-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
  The Mozilla Foundation has released nine security advisories
  specifying security vulnerabilities in Mozilla Suite, Firefox,
  SeaMonkey, and Thunderbird.

  These vulnerabilities allow attackers to:

  - execute arbitrary machine code in the context of the vulnerable
    application
  - crash affected applications
  - gain elevated privileges in JavaScript code, potentially allowing
    remote machine code execution
  - gain access to potentially sensitive information
  - bypass security checks
  - spoof window contents.

  Other attacks may also be possible.

  The issues described here will be split into individual BIDs as
  the information embargo on the Mozilla Bugzilla entries is lifted
  and as further information becomes available. This BID will then
  be retired.

  These issues are fixed in:
  - Mozilla Firefox versions 1.0.8 and 1.5.0.2
  - Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
  - Mozilla Suite version 1.7.13
  - Mozilla SeaMonkey version 1.0.1

MOZILLA THUNDERBIRD MULTIPLE REMOTE INFORMATION DISCLOSURE
VULNERABILITIES
BugTraq ID: 16881
Last Updated: 2006-04-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16881
Summary:
  Mozilla Thunderbird is susceptible to multiple remote information-
  disclosure vulnerabilities. These issues are due to the
  application's failure to properly enforce the restriction for
  downloading remote content in email messages.

  These issues allow remote attackers to gain access to potentially
  sensitive information, aiding them in further attacks. Attackers
  may also exploit these issues to know whether and when users read
  email messages.

  Mozilla Thunderbird version 1.5 is vulnerable to these issues; other
  versions may also be affected.

MULTIPLE MOZILLA PRODUCTS MEMORY CORRUPTION/CODE INJECTION/ACCESS
BugTraq ID: 16476
Last Updated: 2006-04-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
  Multiple Mozilla products are prone to multiple vulnerabilities.
  These issues include various memory-corruption, code-injection, and
  access-restriction-bypass vulnerabilities. Other undisclosed issues
  may have also been addressed in the various updated vendor
  applications.

  Successful exploitation of these issues may permit an attacker to
  execute arbitrary code in the context of the affected application.
  This may facilitate a compromise of the affected computer; other
  attacks are also possible.

MULTIPLE VENDOR UNACEV2 ARCHIVE FILE NAME BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 14759
Last Updated: 2006-05-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14759
Summary:
  Multiple products are prone to a buffer overflow when handling ACE
  archives that contain files with overly long names.

  This may be exploited to execute arbitrary code in the context of
  the user who is running the application. The vulnerability is
  considered remotely exploitable in nature because malicious ACE
  archives will likely originate from an external, untrusted source.

MYSQL REMOTE INFORMATION DISCLOSURE AND BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 17780
Last Updated: 2006-05-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
  MySQL is susceptible to multiple remote vulnerabilities. The issues
  are:

  - A buffer-overflow vulnerability due to insufficient bounds-
    checking of user-supplied data prior to copying it to an
    insufficiently sized memory-buffer. This issue allows remote
    attackers to execute arbitrary machine code in the context of
    affected database servers. Failed exploit attempts likely
    result in crashing the server and denying further service to
    legitimate users.

  - Two information-disclosure vulnerabilities due to insufficient input-
    sanitization and bounds-checking of user-supplied data. These
    issues allow remote users to gain access to potentially sensitive
    information that may aid them in further attacks.

PERL PERL_SV_VCATPVFN FORMAT STRING INTEGER WRAP VULNERABILITY
BugTraq ID: 15629
Last Updated: 2006-05-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
  Perl is susceptible to a format-string vulnerability. This issue is
  due to the programming language's failure to properly handle format
  specifiers in formatted-printing functions.

  An attacker may leverage this issue to write to arbitrary process
  memory, facilitating code execution in the context of the Perl
  interpreter process. This can result in unauthorized remote access.

  Developers should treat the formatted printing functions in Perl as
  equivalently vulnerable to exploitation as the C library versions,
  and should properly sanitize all data passed in the format-
  specifier argument.

  All applications that use formatted-printing functions in an unsafe
  manner should be considered exploitable.

RSYNC RECEIVE_XATTR INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 17788
Last Updated: 2006-05-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17788
Summary:
  The rsync utility is susceptible to a remote integer-overflow
  vulnerability. This issue is due to a failure of the application to
  properly ensure that user-supplied input does not result in the
  overflowing of integer values. This may result in user-supplied data
  being copied past the end of a memory buffer.

  Attackers may exploit this issue to execute arbitrary machine code
  in the context of the affected application, facilitating the
  compromise of affected computers.

  Versions of rsync prior to 2.6.8 that have had the 'xattrs.diff'
  patch applied are vulnerable to this issue.

RESMGR UNAUTHORIZED USB DEVICE ACCESS VULNERABILITY
BugTraq ID: 17752
Last Updated: 2006-05-02
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17752
Summary:
  The resmgr module is prone to a vulnerability that permits
  unauthorized access to USB devices.

  A successful exploit of this issue would result in a bypass of
  access controls leading to a false sense of security and a possible
  loss of confidentiality if data is intercepted; other attacks are
  also possible.

TRAC WIKI MACRO REMOTE HTML INJECTION VULNERABILITIES
BugTraq ID: 17741
Last Updated: 2006-04-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17741
Summary:
  Trac is prone to multiple, unspecified HTML-injection
  vulnerabilities.

  Attacker-supplied HTML and script code would be executed in the
  context of the affected website, potentially allowing attackers to
  steal cookie-based authentication credentials. An attacker could
  also exploit these issues to control how the site is rendered to the
  user; other attacks are also possible.

  Trac versions prior to 0.9.5 are affected by these issues.

XINE FILENAME HANDLING REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 17769
Last Updated: 2006-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17769
Summary:
  The xine package is susceptible to a remote format-string
  vulnerability.

  This issue arises when the application handles specially crafted
  filenames. An attacker can exploit this vulnerability by crafting a
  malicious filename that contains format specifiers and then coercing
  unsuspecting users to try to execute the affected application with
  the malicious filename as an argument.

  A successful attack may crash the application or lead to arbitrary
  code execution.

  Version 0.99.4 of xine is vulnerable to this issue; other versions
  may also be affected.



