XV File Name Handling Remote Format String Vulnerability
BID:12725
Info
| Bugtraq ID: | 12725 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0665 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 04 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery is credited to Tavis Ormandy. |
| Vulnerable: |
SuSE Linux 8.1
SuSE Linux 8.0 i386
SuSE Linux 8.0
SuSE Linux 7.3 sparc
SuSE Linux 7.3 ppc
SuSE Linux 7.3 i386
SuSE Linux 7.3
SuSE Linux 7.2 i386
SuSE Linux 7.2
SuSE Linux 7.1 x86
SuSE Linux 7.1 sparc
SuSE Linux 7.1 ppc
SuSE Linux 7.1 alpha
SuSE Linux 7.1
SuSE Linux 7.0 sparc
SuSE Linux 7.0 ppc
SuSE Linux 7.0 i386
SuSE Linux 7.0 alpha
SuSE Linux 7.0
SuSE Linux 6.4 ppc
SuSE Linux 6.4 i386
SuSE Linux 6.4 alpha
SuSE Linux 6.4
SuSE Linux 6.3 ppc
SuSE Linux 6.3 alpha
SuSE Linux 6.3
SuSE Linux 6.2
SuSE Linux 6.1 alpha
SuSE Linux 6.1
SuSE Linux 6.0
SuSE Linux 5.3
SuSE Linux 5.2
SuSE Linux 5.1
SuSE Linux 5.0
SuSE Linux 4.4.1
SuSE Linux 4.4
SuSE Linux 4.3
SuSE Linux 4.2
SuSE Linux 4.0
SuSE Linux 3.0
SuSE Linux 2.0
SuSE Linux 1.0
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
John Bradley XV 3.10 a |
| Not Vulnerable: | |
Discussion
xv is reported prone to a remote format string vulnerability. This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format string to a formatted printing function.
Reportedly, this issue arises when the application handles malformed file names. A successful attack may result in crashing the application or lead to arbitrary code execution.
xv 3.10a is reported vulnerable; it is likely that other versions are also affected.
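The bug class described above, as an added example (not xv's source and not code from the advisory): a file name passed as the format argument of a formatted-printing call, next to the hardened form that passes it only as data, plus a check that counts conversion directives in a name. The function names and the sample file names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample file names (not from the advisory). */
static const char BENIGN_NAME[]  = "holiday-2005.jpg";
static const char HOSTILE_NAME[] = "100%%-%x-%s-%n.jpg";

/* Count printf conversion directives in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;            /* skip the escaped pair */
            continue;
        }
        n++;                /* any other '%' starts a directive */
    }
    return n;
}

/* Vulnerable pattern: the file name is the format argument, so any
 * directives in it are interpreted against arguments never passed. */
int title_unsafe(char *out, size_t len, const char *fname)
{
    return snprintf(out, len, fname);
}

/* Hardened pattern: fixed format, the file name is only data. */
int title_safe(char *out, size_t len, const char *fname)
{
    return snprintf(out, len, "%s", fname);
}

int main(void)
{
    char buf[64];
    /* title_unsafe() is deliberately not called on HOSTILE_NAME. */
    title_safe(buf, sizeof buf, HOSTILE_NAME);
    printf("directives=%d title=%s\n",
           count_format_directives(HOSTILE_NAME), buf);
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn on the call in `title_unsafe`, which is a quick way to find the same pattern in a code base.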
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Gentoo has released advisory GLSA 200503-09 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
emerge --sync
emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r10"
SUSE has released an advisory SUSE-SR:2005:008 to address various security issues affecting SUSE products. Please see the referenced advisory for more information.
Slackware Linux has released advisory SSA:2005-195-02, along with fixes to address various issues. Please see the referenced advisory for further information.
John Bradley XV 3.10 a
- Slackware xv-3.10a-i386-4.tgz
  Slackware 8.1
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/xv-3.10a-i386-4.tgz
- Slackware xv-3.10a-i386-4.tgz
  Slackware 9.0
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/xv-3.10a-i386-4.tgz
- Slackware xv-3.10a-i486-4.tgz
  Slackware 10.0
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xv-3.10a-i486-4.tgz
- Slackware xv-3.10a-i486-4.tgz
  Slackware 10.1
  ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xv-3.10a-i486-4.tgz
- Slackware xv-3.10a-i486-4.tgz
  Slackware 9.1
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xv-3.10a-i486-4.tgz
- Slackware xv-3.10a-i486-4.tgz
  Slackware -current
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xv-3.10a-i486-4.tgz
- SuSE xv-3.10a-1053.9.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/xv-3.10a-1053.9.i586.rpm
- SuSE xv-3.10a-1053.9.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/xv-3.10a-1053.9.x86_64.rpm
- SuSE xv-3.10a-1062.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xv-3.10a-1062.2.i586.rpm
- SuSE xv-3.10a-1062.2.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/xv-3.10a-1062.2.x86_64.rpm
- SuSE xv-3.10a-1067.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/xv-3.10a-1067.i586.rpm
- SuSE xv-3.10a-1067.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/xv-3.10a-1067.i586.rpm
- SuSE xv-3.10a-1067.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/xv-3.10a-1067.x86_64.rpm