Xine Playlist Handling Remote Format String Vulnerability
BID:17579
Info
Xine Playlist Handling Remote Format String Vulnerability
| Bugtraq ID: | 17579 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-1905 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2006 12:00AM |
| Updated: | Nov 30 2006 09:40PM |
| Credit: | Discovery is credited to [email protected]. |
| Vulnerable: |
xine xine 1.0.1 xine xine 1.0 xine xine 0.9.18 xine xine 0.9.13 xine xine 0.9.8 xine xine 1-rc8 xine xine 1-rc7 xine xine 1-rc6a xine xine 1-rc6 xine xine 1-rc5 xine xine 1-rc4 xine xine 1-rc3b xine xine 1-rc3a xine xine 1-rc3 xine xine 1-rc2 xine xine 1-rc1 xine xine 1-rc1 xine xine 1-rc0a xine xine 1-rc0 xine xine 1-beta9 xine xine 1-beta8 xine xine 1-beta7 xine xine 1-beta6 xine xine 1-beta5 xine xine 1-beta4 xine xine 1-beta3 xine xine 1-beta2 xine xine 1-beta12 xine xine 1-beta11 xine xine 1-beta10 xine xine 1-beta1 xine xine 1-alpha Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Gentoo Linux |
| Not Vulnerable: | |
Discussion
Xine Playlist Handling Remote Format String Vulnerability
The xine package is reported prone to a remote format-string vulnerability.
This issue arises when the application handles specially crafted playlist files. An attacker can exploit this vulnerability by crafting a malicious file that contains format specifiers and then sending the file to an unsuspecting user.
A successful attack may crash the application or lead to arbitrary code execution.
All versions of xine are considered vulnerable at the moment.
The xine package is reported prone to a remote format-string vulnerability.
This issue arises when the application handles specially crafted playlist files. An attacker can exploit this vulnerability by crafting a malicious file that contains format specifiers and then sending the file to an unsuspecting user.
A successful attack may crash the application or lead to arbitrary code execution.
All versions of xine are considered vulnerable at the moment.
Exploit / POC
Xine Playlist Handling Remote Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following playlist file is sufficient to trigger this issue:
#EXTM3U
#EXTINFO !!All_You_Playlists_Are_Belong_To_Us - SHHEEEELLLLCCCCOOOOOODDDDDDEEEEEEEEEEE!!
AAAAAAAAAAA%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%.13068u%n%hn
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
The following playlist file is sufficient to trigger this issue:
#EXTM3U
#EXTINFO !!All_You_Playlists_Are_Belong_To_Us - SHHEEEELLLLCCCCOOOOOODDDDDDEEEEEEEEEEE!!
AAAAAAAAAAA%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%.13068u%n%hn
Solution / Fix
Xine Playlist Handling Remote Format String Vulnerability
Solution:
Please see the referenced advisories for further information on obtaining third-party vendor fixes.
Currently we are not aware of any official vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Please see the referenced advisories for further information on obtaining third-party vendor fixes.
Currently we are not aware of any official vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
Xine Playlist Handling Remote Format String Vulnerability
References:
References: