Xine-Lib RuleMatches Remote Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 21435 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 04 2006 12:00AM |
| Updated: | Jul 05 2016 10:21PM |
| Credit: | Roland Kay is credited with the discovery of this vulnerability. |
| Vulnerable: |
xine xine-lib 1.1.1
xine xine-lib 1.1
xine xine-lib 1.0.2
xine xine-lib 1.0.1
xine xine-lib 1.0
xine xine-lib 0.99
xine xine-lib 0.9.13
xine xine-lib 0.9.8
xine xine-lib 1-rc8
xine xine-lib 1-rc7
xine xine-lib 1-rc6a
xine xine-lib 1-rc6
xine xine-lib 1-rc5
xine xine-lib 1-rc4
xine xine-lib 1-rc3c
xine xine-lib 1-rc3b
xine xine-lib 1-rc3a
xine xine-lib 1-rc3
xine xine-lib 1-rc2
xine xine-lib 1-rc1
xine xine-lib 1-rc0
xine xine-lib 1-beta9
xine xine-lib 1-beta8
xine xine-lib 1-beta7
xine xine-lib 1-beta6
xine xine-lib 1-beta5
xine xine-lib 1-beta4
xine xine-lib 1-beta3
xine xine-lib 1-beta2
xine xine-lib 1-beta12
xine xine-lib 1-beta11
xine xine-lib 1-beta10
xine xine-lib 1-beta1
xine xine-lib 1-alpha
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Desktop 1.0
MPlayer MPlayer 1.0.20060329
MPlayer MPlayer 1.0 pre6-r4
MPlayer MPlayer 1.0 pre6-3.3.5-20050130
MPlayer MPlayer 1.0 pre6
MPlayer MPlayer 1.0 pre5try2
MPlayer MPlayer 1.0 pre5try1
MPlayer MPlayer 1.0 pre5
MPlayer MPlayer 1.0 pre4
MPlayer MPlayer 1.0 pre3try2
MPlayer MPlayer 1.0 pre3
MPlayer MPlayer 1.0 pre2
MPlayer MPlayer 1.0 pre1
MPlayer MPlayer 0.92.1
MPlayer MPlayer 0.92
MPlayer MPlayer 0.91
MPlayer MPlayer 0.90 rc series
MPlayer MPlayer 0.90 pre series
MPlayer MPlayer 0.90
MPlayer MPlayer 0.9 0rc4
MPlayer MPlayer 1.0pre7try2
MPlayer MPlayer 1.0
MPlayer MPlayer 0_92 CVS
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability when processing Real media because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious data stream.
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released an update addressing this issue. Please contact the vendor for information on how to obtain and apply this update.
MPlayer MPlayer 1.0pre7try2
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 0.90 pre series
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 0.90 rc series
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 0.92
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 0.92.1
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0 pre3
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0 pre6-3.3.5-20050130
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0 pre6-r4
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0 pre5try2
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0 pre5try1
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0 pre4
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0 pre5
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
MPlayer MPlayer 1.0 pre6
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
xine xine-lib 1.0.1
-
Debian libxine-dev_1.0.1-1sarge5_alpha.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_alpha.deb
-
Debian libxine-dev_1.0.1-1sarge5_amd64.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_amd64.deb
-
Debian libxine-dev_1.0.1-1sarge5_arm.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_arm.deb
-
Debian libxine-dev_1.0.1-1sarge5_hppa.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_hppa.deb
-
Debian libxine-dev_1.0.1-1sarge5_i386.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_i386.deb
-
Debian libxine-dev_1.0.1-1sarge5_ia64.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_ia64.deb
-
Debian libxine-dev_1.0.1-1sarge5_m68k.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_m68k.deb
-
Debian libxine-dev_1.0.1-1sarge5_mips.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_mips.deb
-
Debian libxine-dev_1.0.1-1sarge5_mipsel.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_mipsel.deb
-
Debian libxine-dev_1.0.1-1sarge5_powerpc.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_powerpc.deb
-
Debian libxine-dev_1.0.1-1sarge5_s390.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_s390.deb
-
Debian libxine-dev_1.0.1-1sarge5_sparc.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_sparc.deb
-
Debian libxine1_1.0.1-1sarge5_alpha.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_alpha.deb
-
Debian libxine1_1.0.1-1sarge5_amd64.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_amd64.deb
-
Debian libxine1_1.0.1-1sarge5_arm.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_arm.deb
-
Debian libxine1_1.0.1-1sarge5_hppa.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_hppa.deb
-
Debian libxine1_1.0.1-1sarge5_i386.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_i386.deb
-
Debian libxine1_1.0.1-1sarge5_ia64.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_ia64.deb
-
Debian libxine1_1.0.1-1sarge5_m68k.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_m68k.deb
-
Debian libxine1_1.0.1-1sarge5_mips.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_mips.deb
-
Debian libxine1_1.0.1-1sarge5_mipsel.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_mipsel.deb
-
Debian libxine1_1.0.1-1sarge5_powerpc.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_powerpc.deb
-
Debian libxine1_1.0.1-1sarge5_s390.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_s390.deb
-
Debian libxine1_1.0.1-1sarge5_sparc.deb
Debian GNU/Linux 3.1 (sarge)
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_sparc.deb
MPlayer MPlayer 1.0.20060329
-
MPlayer asmrules_fix_20061231.diff
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff