Executive Summary
Summary | |
---|---|
Title | New xine-lib packages fix arbitrary code execution |
Information | |||
---|---|---|---|
Name | DSA-1472 | First vendor Publication | 2008-01-21 |
Vendor | Debian | Last vendor Modification | 2008-01-21 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 6.4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code.

For the unstable distribution (sid), this problem will be fixed soon.
For the testing distribution (lenny), this problem has been fixed in version 1.1.8-3+lenny1.
For the stable distribution (etch), this problem has been fixed in version 1.1.2+dfsg-5.
For the old stable distribution (sarge), this problem has been fixed in version 1.0.1-1sarge6.

We recommend that you upgrade your xine-lib packages.
Original Source
Url : http://www.debian.org/security/2008/dsa-1472 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7756 | |||
Oval ID: | oval:org.mitre.oval:def:7756 | ||
Title: | DSA-1472 xine-lib -- buffer overflow | ||
Description: | Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1472 CVE-2008-0225 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | xine-lib |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:020 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_020.nasl |
2009-04-09 | Name : Mandriva Update for mplayer MDVSA-2008:045 (mplayer) File : nvt/gb_mandriva_MDVSA_2008_045.nasl |
2009-03-23 | Name : Ubuntu Update for xine-lib vulnerabilities USN-635-1 File : nvt/gb_ubuntu_USN_635_1.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-0718 File : nvt/gb_fedora_2008_0718_xine-lib_fc8.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200801-12 (xine-lib) File : nvt/glsa_200801_12.nasl |
2008-09-04 | Name : FreeBSD Ports: libxine File : nvt/freebsd_libxine6.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1472-1 (xine-lib) File : nvt/deb_1472_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42195 | xine-lib input/libreal/rmff.c rmff_dump_cont Function RTSP Session SDP Abstra... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-020.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-045.nasl - Type : ACT_GATHER_INFO |
2008-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-635-1.nasl - Type : ACT_GATHER_INFO |
2008-01-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200801-12.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1472.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-4916.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-4917.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-4926.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_02eedd3cc6b511dc93b6000e35248ad7.nasl - Type : ACT_GATHER_INFO |
2008-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0718.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:27:15 |