Vulnerabilities > CVE-2005-2967 - Remote CDDB Information Format String vulnerability in Xine-Lib
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | xine-lib <= 1.1 (media player library) Remote Format String Exploit. CVE-2005-2967. Remote exploit for linux platform |
| id | EDB-ID:1242 |
| last seen | 2016-01-31 |
| modified | 2005-10-10 |
| published | 2005-10-10 |
| reporter | Ulf Harnhammar |
| source | https://www.exploit-db.com/download/1242/ |
| title | xine-lib <= 1.1 media player library Remote Format String Exploit |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3BC5691E38DD11DA92F5020039488E34.NASL description Gentoo Linux Security Advisory reports : Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents. An attacker could submit malicious information about an audio CD to a public CDDB server (or impersonate a public CDDB server). When the victim plays this CD on a multimedia frontend relying on xine-lib, it could end up executing arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 21415 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21415 title FreeBSD : libxine -- format string vulnerability (3bc5691e-38dd-11da-92f5-020039488e34) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(21415); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:37"); script_cve_id("CVE-2005-2967"); script_name(english:"FreeBSD : libxine -- format string vulnerability (3bc5691e-38dd-11da-92f5-020039488e34)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Gentoo Linux Security Advisory reports : Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents. An attacker could submit malicious information about an audio CD to a public CDDB server (or impersonate a public CDDB server). When the victim plays this CD on a multimedia frontend relying on xine-lib, it could end up executing arbitrary code." ); # http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200510-08" ); # http://xinehq.de/index.php/security/XSA-2005-1 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e143d4c9" ); # https://vuxml.freebsd.org/freebsd/3bc5691e-38dd-11da-92f5-020039488e34.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?00e94364" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libxine"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/08"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"libxine<1.1.0_1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-180.NASL description When playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist last seen 2020-06-01 modified 2020-06-02 plugin id 20040 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20040 title Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:180) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:180. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(20040); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2005-2967"); script_xref(name:"MDKSA", value:"2005:180"); script_name(english:"Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:180)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "When playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist's name. During processing of this data, a response from the server, which is located in memory on the stack, is passed to the fprintf() function as a format string. An attacker can set up a malicious CDDB server and trick the client into using this server instead of the pre- configured one. Alternatively, any user and therefore the attacker can modify entries in the official CDDB server. Using this format string vulnerability, attacker-chosen data can be written to an attacker-chosen memory location. This allows the attacker to alter the control flow and to execute malicious code with the permissions of the user running the application. This problem was reported by Ulf Harnhammar from the Debian Security Audit Project. The updated packages have been patched to correct this problem." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xine1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xine1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxine1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxine1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-aa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-arts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-dxr3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-esd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-flac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-gnomevfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-polyp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-smb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xine1-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xine1-devel-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxine1-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxine1-devel-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"xine-aa-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"xine-arts-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"xine-dxr3-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"xine-esd-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"xine-flac-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"xine-gnomevfs-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"xine-plugins-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64xine1-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64xine1-devel-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libxine1-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libxine1-devel-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-aa-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-arts-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-dxr3-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-esd-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-flac-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-gnomevfs-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-plugins-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-polyp-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"xine-smb-1.0-8.2.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64xine1-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64xine1-devel-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libxine1-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libxine1-devel-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-aa-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-arts-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-dxr3-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-esd-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-flac-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-gnomevfs-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-image-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-plugins-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-polyp-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xine-smb-1.1.0-8.1.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-283-01.NASL description New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide (by uploading or running a server) specially crafted CDDB information and then get the user to play the referenced audio CD. The official Xine advisory may be found here: http://xinehq.de/index.php/security/XSA-2005-1 last seen 2020-06-01 modified 2020-06-02 plugin id 19952 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19952 title Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : xine-lib (SSA:2005-283-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2005-283-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(19952); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2005-2967"); script_xref(name:"SSA", value:"2005-283-01"); script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : xine-lib (SSA:2005-283-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide (by uploading or running a server) specially crafted CDDB information and then get the user to play the referenced audio CD. The official Xine advisory may be found here: http://xinehq.de/index.php/security/XSA-2005-1" ); # http://xinehq.de/index.php/security/XSA-2005-1 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e143d4c9" ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f3bc4de7" ); script_set_attribute( attribute:"solution", value:"Update the affected xine-lib package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:xine-lib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/11"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"9.1", pkgname:"xine-lib", pkgver:"1rc4", pkgarch:"i686", pkgnum:"2")) flag++; if (slackware_check(osver:"10.0", pkgname:"xine-lib", pkgver:"1.0.3a", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"10.1", pkgname:"xine-lib", pkgver:"1.0.3a", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"10.2", pkgname:"xine-lib", pkgver:"1.0.3a", pkgarch:"i686", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"xine-lib", pkgver:"1.0.3a", pkgarch:"i686", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-863.NASL description Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in the CDDB processing component of xine-lib, the xine video/media player library, that could lead to the execution of arbitrary code caused by a malicious CDDB entry. last seen 2020-06-01 modified 2020-06-02 plugin id 20018 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20018 title Debian DSA-863-1 : xine-lib - format string vulnerability NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200510-08.NASL description The remote host is affected by the vulnerability described in GLSA-200510-08 (xine-lib: Format string vulnerability) Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents. Impact : An attacker could submit malicious information about an audio CD to a public CDDB server (or impersonate a public CDDB server). When the victim plays this CD on a multimedia frontend relying on xine-lib, it could end up executing arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19978 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19978 title GLSA-200510-08 : xine-lib: Format string vulnerability NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-196-1.NASL description Ulf Harnhammar discovered a format string vulnerability in the CDDB module last seen 2020-06-01 modified 2020-06-02 plugin id 20610 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20610 title Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/40524/xine-cddb-server.pl.txt |
| id | PACKETSTORM:40524 |
| last seen | 2016-12-05 |
| published | 2005-10-08 |
| reporter | Ulf Harnhammar |
| source | https://packetstormsecurity.com/files/40524/xine-cddb-server.pl.txt.html |
| title | xine-cddb-server.pl.txt |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html
- http://secunia.com/advisories/17097
- http://secunia.com/advisories/17099/
- http://secunia.com/advisories/17111
- http://secunia.com/advisories/17132
- http://secunia.com/advisories/17162
- http://secunia.com/advisories/17179
- http://secunia.com/advisories/17282
- http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454
- http://www.debian.org/security/2005/dsa-863
- http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:180
- http://www.novell.com/linux/security/advisories/2005_24_sr.html
- http://www.osvdb.org/19892
- http://www.securityfocus.com/bid/15044
- http://www.ubuntu.com/usn/usn-196-1
- http://xinehq.de/index.php/security/XSA-2005-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22545