CVE-2005-1692 - Unspecified vulnerability in Xine Gxine
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

xine
nessus
Summary
Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
- NASL family: Slackware Local Security Checks
  - NASL id: SLACKWARE_SSA_2005-203-04.NASL
  - description: New gxine packages are available for Slackware 10.0, 10.1, and -current to fix a format string security issue.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 19855
  - published: 2005-10-05
  - reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/19855
  - title: Slackware 10.0 / 10.1 / current : gxine format string vulnerability (SSA:2005-203-04)
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-200505-19.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-200505-19 (gxine: Format string vulnerability). Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. Impact: A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the execution of arbitrary code. Workaround: There is no known workaround at this time.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 18383
  - published: 2005-05-28
  - reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/18383
  - title: GLSA-200505-19 : gxine: Format string vulnerability
References
- http://www.securityfocus.com/bid/13707
- http://secunia.com/advisories/15451
- http://www.0xbadexworm.org/adv/gxinefmt.txt
- http://security.gentoo.org/glsa/glsa-200505-19.xml
- http://www.osvdb.org/16747
- http://cvs.sourceforge.net/viewcvs.py/xine/gnome-xine/ChangeLog?rev=HEAD&content-type=text/vnd.viewcvs-markup
- http://www.vupen.com/english/advisories/2005/0626
- http://marc.info/?l=bugtraq&m=111670637812128&w=2