XMMS Skins Integer Overflow And Underflow Vulnerabilities
BID:23078
Info
XMMS Skins Integer Overflow And Underflow Vulnerabilities
| Bugtraq ID: | 23078 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-0653 CVE-2007-0654 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 21 2007 12:00AM |
| Updated: | Apr 13 2015 09:13PM |
| Credit: | Sven Krewitt of Secunia Research discovered this vulnerability. |
| Vulnerable: |
XMMS XMMS 1.2.10 XMMS XMMS 1.2.9 Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE SUSE Linux Enterprise Server SDK 9 SuSE SUSE Linux Enterprise Server 9 SP3 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 9 SuSE SUSE Linux Enterprise SDK 10 SuSE Suse Linux Enterprise Desktop 10 SuSE Linux Openexchange Server SuSE Linux Desktop 1.0 SuSE Linux Desktop 10 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE CORE 9 for x86 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Office Server S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 X86 64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 X86 64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha |
| Not Vulnerable: | |
Discussion
XMMS Skins Integer Overflow And Underflow Vulnerabilities
XMMS is prone to an integer-overflow vulnerability and an integer-underflow vulnerability because it fails to adequately handle user-supplied data.
An attacker can leverage these issues to corrupt stack-based memory and execute arbitrary code with the privileges of a user running the application. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.
Version 1.2.10 is vulnerable; other versions may also be affected.
XMMS is prone to an integer-overflow vulnerability and an integer-underflow vulnerability because it fails to adequately handle user-supplied data.
An attacker can leverage these issues to corrupt stack-based memory and execute arbitrary code with the privileges of a user running the application. A successful attack may result in the compromise of affected computers. Failed attempts will likely cause denial-of-service conditions.
Version 1.2.10 is vulnerable; other versions may also be affected.
Exploit / POC
XMMS Skins Integer Overflow And Underflow Vulnerabilities
To exploit these issues, an attacker must entice an unsuspecting user to load a maliciously crafted skin image.
Currently, we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
To exploit these issues, an attacker must entice an unsuspecting user to load a maliciously crafted skin image.
Currently, we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
XMMS Skins Integer Overflow And Underflow Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
XMMS XMMS 1.2.10
XMMS XMMS 1.2.9
Solution:
Updates are available. Please see the references for more information.
XMMS XMMS 1.2.10
-
Ubuntu xmms-dev_1.2.10+cvs20050209-2ubuntu2.1_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20050209-2ubuntu2.1_amd64.deb -
Ubuntu xmms-dev_1.2.10+cvs20050209-2ubuntu2.1_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20050209-2ubuntu2.1_i386.deb -
Ubuntu xmms-dev_1.2.10+cvs20050209-2ubuntu2.1_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20050209-2ubuntu2.1_powerpc.deb -
Ubuntu xmms-dev_1.2.10+cvs20050209-2ubuntu2.1_sparc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20050209-2ubuntu2.1_sparc.deb -
Ubuntu xmms-dev_1.2.10+cvs20050809-4ubuntu5.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20050809-4ubuntu5.1_amd64.deb -
Ubuntu xmms-dev_1.2.10+cvs20050809-4ubuntu5.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20050809-4ubuntu5.1_i386.deb -
Ubuntu xmms-dev_1.2.10+cvs20050809-4ubuntu5.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20050809-4ubuntu5.1_powerpc.deb -
Ubuntu xmms-dev_1.2.10+cvs20050809-4ubuntu5.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20050809-4ubuntu5.1_sparc.deb -
Ubuntu xmms-dev_1.2.10+cvs20060429-1ubuntu2.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20060429-1ubuntu2.1_amd64.deb -
Ubuntu xmms-dev_1.2.10+cvs20060429-1ubuntu2.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20060429-1ubuntu2.1_i386.deb -
Ubuntu xmms-dev_1.2.10+cvs20060429-1ubuntu2.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20060429-1ubuntu2.1_powerpc.deb -
Ubuntu xmms-dev_1.2.10+cvs20060429-1ubuntu2.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs 20060429-1ubuntu2.1_sparc.deb -
Ubuntu xmms_1.2.10+cvs20050209-2ubuntu2.1_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2005 0209-2ubuntu2.1_amd64.deb -
Ubuntu xmms_1.2.10+cvs20050209-2ubuntu2.1_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2005 0209-2ubuntu2.1_i386.deb -
Ubuntu xmms_1.2.10+cvs20050209-2ubuntu2.1_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2005 0209-2ubuntu2.1_powerpc.deb -
Ubuntu xmms_1.2.10+cvs20050209-2ubuntu2.1_sparc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2005 0209-2ubuntu2.1_sparc.deb -
Ubuntu xmms_1.2.10+cvs20050809-4ubuntu5.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2005 0809-4ubuntu5.1_amd64.deb -
Ubuntu xmms_1.2.10+cvs20050809-4ubuntu5.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2005 0809-4ubuntu5.1_i386.deb -
Ubuntu xmms_1.2.10+cvs20050809-4ubuntu5.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2005 0809-4ubuntu5.1_powerpc.deb -
Ubuntu xmms_1.2.10+cvs20050809-4ubuntu5.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2005 0809-4ubuntu5.1_sparc.deb -
Ubuntu xmms_1.2.10+cvs20060429-1ubuntu2.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2006 0429-1ubuntu2.1_amd64.deb -
Ubuntu xmms_1.2.10+cvs20060429-1ubuntu2.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2006 0429-1ubuntu2.1_i386.deb -
Ubuntu xmms_1.2.10+cvs20060429-1ubuntu2.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2006 0429-1ubuntu2.1_powerpc.deb -
Ubuntu xmms_1.2.10+cvs20060429-1ubuntu2.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs2006 0429-1ubuntu2.1_sparc.deb
XMMS XMMS 1.2.9
-
Mandriva lib64xmms1-1.2.9-5.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva lib64xmms1-devel-1.2.9-5.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva libxmms1-1.2.9-5.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva libxmms1-devel-1.2.9-5.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva xmms-1.2.9-5.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva xmms-1.2.9-5.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva xmms-alsa-1.2.9-5.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva xmms-alsa-1.2.9-5.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva xmms-diskwriter-1.2.9-5.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva xmms-diskwriter-1.2.9-5.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva xmms-esd-1.2.9-5.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva xmms-esd-1.2.9-5.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva xmms-mesa-1.2.9-5.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva xmms-mesa-1.2.9-5.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva xmms-mikmod-1.2.9-5.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download -
Mandriva xmms-mikmod-1.2.9-5.1.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
References
XMMS Skins Integer Overflow And Underflow Vulnerabilities
References:
References:
- Vendor Hompage (XMMS)
- XMMS Integer Overflow and Underflow Vulnerabilities (Secunia Research)