CVE-2006-4799 - Unspecified vulnerability in Xine Xine-Lib 1.0.1/1.0.2/1.1.0
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-358-1.NASL
- description: XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27938
- published: 2007-11-10
- reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/27938
- title: Ubuntu 5.04 / 5.10 / 6.06 LTS : ffmpeg, xine-lib vulnerabilities (USN-358-1)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-358-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(27938);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:33:01");

  script_cve_id("CVE-2006-4799", "CVE-2006-4800");
  script_xref(name:"USN", value:"358-1");

  script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS : ffmpeg, xine-lib vulnerabilities (USN-358-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"XFOCUS Security Team discovered that the AVI decoder used in xine-lib
did not correctly validate certain headers. By tricking a user into
playing an AVI with malicious headers, an attacker could execute
arbitrary code with the target user's privileges. (CVE-2006-4799)

Multiple integer overflows were discovered in ffmpeg and tools that
contain a copy of ffmpeg (like xine-lib and kino), for several types
of video formats. By tricking a user into running a video player that
uses ffmpeg on a stream with malicious content, an attacker could
execute arbitrary code with the target user's privileges.
(CVE-2006-4800).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/358-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ffmpeg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kino");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavcodec-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavformat-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpostproc-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine-main1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxine1c2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(5\.04|5\.10|6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"5.04", pkgname:"ffmpeg", pkgver:"0.cvs20050121-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"kino", pkgver:"0.75-6ubuntu0.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libavcodec-dev", pkgver:"3:0.cvs20050121-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libavformat-dev", pkgver:"0.cvs20050121-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libpostproc-dev", pkgver:"0.cvs20050121-1ubuntu1.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libxine-dev", pkgver:"1.0-1ubuntu3.9")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libxine1", pkgver:"1.0-1ubuntu3.9")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"ffmpeg", pkgver:"0.cvs20050918-4ubuntu1.1")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libavcodec-dev", pkgver:"3:0.cvs20050918-4ubuntu1.1")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libavformat-dev", pkgver:"0.cvs20050918-4ubuntu1.1")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libpostproc-dev", pkgver:"0.cvs20050918-4ubuntu1.1")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libxine-dev", pkgver:"1.0.1-1ubuntu10.5")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libxine1c2", pkgver:"1.0.1-1ubuntu10.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"ffmpeg", pkgver:"0.cvs20050918-5ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libavcodec-dev", pkgver:"3:0.cvs20050918-5ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libavformat-dev", pkgver:"0.cvs20050918-5ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libpostproc-dev", pkgver:"0.cvs20050918-5ubuntu1.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxine-dev", pkgver:"1.1.1+ubuntu2-7.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxine-main1", pkgver:"1.1.1+ubuntu2-7.3")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ffmpeg / kino / libavcodec-dev / libavformat-dev / libpostproc-dev / etc");
}
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-1215.NASL
- description: Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :
  - CVE-2006-4799 The XFocus Security Team discovered that insufficient validation of AVI headers may lead to the execution of arbitrary code.
  - CVE-2006-4800 Michael Niedermayer discovered that a buffer overflow in the 4XM codec may lead to the execution of arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 23701
- published: 2006-11-22
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/23701
- title: Debian DSA-1215-1 : xine-lib - several vulnerabilities

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_XINE-LIB-2308.NASL
- description: Multiple buffer overflows were fixed in the XINE decoder libraries, which could be used by attackers to crash players or potentially execute code. CVE-2006-4799: Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27485
- published: 2007-10-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27485
- title: openSUSE 10 Security Update : xine-lib (xine-lib-2308)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_XINE-LIB-2307.NASL
- description: Multiple buffer overflows were fixed in the XINE decoder libraries, which could be used by attackers to crash players or potentially execute code.
  - Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 29598
- published: 2007-12-13
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/29598
- title: SuSE 10 Security Update : xine-lib (ZYPP Patch Number 2307)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200609-09.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200609-09 (FFmpeg: Buffer overflows) FFmpeg contains buffer overflows in the AVI processing code. Impact : An attacker could trigger the buffer overflows by enticing a user to load a specially crafted AVI file in an application using the FFmpeg library. This might result in the execution of arbitrary code in the context of the running application. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 22354
- published: 2006-09-15
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/22354
- title: GLSA-200609-09 : FFmpeg: Buffer overflows

References
- http://secunia.com/advisories/22230
- http://secunia.com/advisories/23010
- http://secunia.com/advisories/23213
- http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://www.ubuntu.com/usn/usn-358-1
- http://www.us.debian.org/security/2006/dsa-1215
- http://xinehq.de/index.php/news