Xine M3U Remote Format String Vulnerability
BID:22252
Info
Xine M3U Remote Format String Vulnerability
| Bugtraq ID: | 22252 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0255 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2007 12:00AM |
| Updated: | Aug 10 2007 07:24PM |
| Credit: | Sven Czaja is credited with the discovery of this vulnerability. |
| Vulnerable: |
xine xine-ui 0.99.4 xine xine-ui 0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 |
| Not Vulnerable: | |
Discussion
Xine M3U Remote Format String Vulnerability
The 'xine' program is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.
This issue may be related to the vulnerability discussed in BID 21852 (VideoLan VLC Media Player Remote Format String Vulnerability); this has not been confirmed.
The 'xine' program is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.
This issue may be related to the vulnerability discussed in BID 21852 (VideoLan VLC Media Player Remote Format String Vulnerability); this has not been confirmed.
Exploit / POC
Xine M3U Remote Format String Vulnerability
To exploit this issue, an attacker must entice a victim user to open a malicious media file.
The following proof of concept is available:
To exploit this issue, an attacker must entice a victim user to open a malicious media file.
The following proof of concept is available:
Solution / Fix
Xine M3U Remote Format String Vulnerability
Solution:
Please see the referenced advisories for details on obtaining and applying the appropriate updates.
Solution:
Please see the referenced advisories for details on obtaining and applying the appropriate updates.
References
Xine M3U Remote Format String Vulnerability
References:
References:
- VLC Format String Vulnerability also in XINE (Sven Czaja)
- xine Homepage (xine)