Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2008:178 | First vendor Publication | 2008-08-20 |
Vendor | Mandriva | Last vendor Modification | 2008-08-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-0073).

The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program (CVE-2008-1110).

The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file (CVE-2008-1161).

Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program (CVE-2008-1482).

Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title (CVE-2008-1878).

The updated packages have been patched to correct this issue.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:178 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17590 | |||
Oval ID: | oval:org.mitre.oval:def:17590 | ||
Title: | USN-635-1 -- xine-lib vulnerabilities | ||
Description: | Alin Rad Pop discovered an array index vulnerability in the SDP parser. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-635-1 CVE-2008-0073 CVE-2008-0225 CVE-2008-0238 CVE-2008-0486 CVE-2008-1110 CVE-2008-1161 CVE-2008-1482 CVE-2008-1686 CVE-2008-1878 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | xine-lib |
Definition Id: oval:org.mitre.oval:def:18522 | |||
Oval ID: | oval:org.mitre.oval:def:18522 | ||
Title: | DSA-1536-1 xine-lib - several vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in Xine, a media player library, which allowed for a denial of service or arbitrary code execution and could be exploited through viewing malicious content. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1536-1 CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486 CVE-2008-1161 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xine-lib |
Definition Id: oval:org.mitre.oval:def:18584 | |||
Oval ID: | oval:org.mitre.oval:def:18584 | ||
Title: | DSA-1586-1 xine-lib - multiple vulnerabilities | ||
Description: | Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1586-1 CVE-2008-1482 CVE-2008-1686 CVE-2008-1878 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xine-lib |
Definition Id: oval:org.mitre.oval:def:7757 | |||
Oval ID: | oval:org.mitre.oval:def:7757 | ||
Title: | DSA-1536 xine-lib -- several vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in Xine, a media player library, which allowed for a denial of service or arbitrary code execution and could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems: The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only). Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only). Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1536 CVE-2007-1246 CVE-2007-1387 CVE-2008-0073 CVE-2008-0486 CVE-2008-1161 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | xine-lib |
Definition Id: oval:org.mitre.oval:def:7965 | |||
Oval ID: | oval:org.mitre.oval:def:7965 | ||
Title: | DSA-1586 xine-lib -- multiple vulnerabilities | ||
Description: | Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. The Common Vulnerabilities and Exposures project identifies the following three problems: Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. These weaknesses allow an attacker to overflow heap buffers and potentially execute arbitrary code by supplying a maliciously crafted file of those types. Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file. Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1586 CVE-2008-1482 CVE-2008-1686 CVE-2008-1878 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xine-lib |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2008-03-25 | MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for mplayer MDVSA-2008:219 (mplayer) File : nvt/gb_mandriva_MDVSA_2008_219.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:178 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_178.nasl |
2009-04-09 | Name : Mandriva Update for xine-lib MDVSA-2008:177 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_177.nasl |
2009-03-23 | Name : Ubuntu Update for xine-lib vulnerabilities USN-635-1 File : nvt/gb_ubuntu_USN_635_1.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-3326 File : nvt/gb_fedora_2008_3326_xine-lib_fc7.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-3353 File : nvt/gb_fedora_2008_3353_xine-lib_fc8.nasl |
2009-02-17 | Name : Fedora Update for xine-lib FEDORA-2008-7572 File : nvt/gb_fedora_2008_7572_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-2569 File : nvt/gb_fedora_2008_2569_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-2849 File : nvt/gb_fedora_2008_2849_xine-lib_fc8.nasl |
2009-02-16 | Name : Fedora Update for xine-lib FEDORA-2008-2945 File : nvt/gb_fedora_2008_2945_xine-lib_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-01 (xine-lib) File : nvt/glsa_200808_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-25 (vlc) File : nvt/glsa_200804_25.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1586-1 (xine-lib) File : nvt/deb_1586_1.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1543-1 (vlc) File : nvt/deb_1543_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1536-1 (xine-lib) File : nvt/deb_1536_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-092-01 xine-lib File : nvt/esoft_slk_ssa_2008_092_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-089-03 xine-lib File : nvt/esoft_slk_ssa_2008_089_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44450 | xine-lib NSF src/demuxers/demux_nsf.c demux_nsf_send_chunk Function Remote Ov... |
43532 | xine-lib src/demuxers/demux_film.c Film File Handling Remote Overflow |
43531 | xine-lib src/demuxers/ebml.c EBML File Handling Remote Overflow |
43530 | xine-lib src/demuxers/demux_wc3movie.c WC3 Movie File Handling Remote Overflow |
43529 | xine-lib src/demuxers/demux_real.c Real File Handling Remote Overflow |
43528 | xine-lib src/demuxers/demux_qt.c QT File Handling Remote Overflow |
43527 | xine-lib src/demuxers/demux_flv.c FLV Handling Overflow |
43436 | xine-lib sdpplin_parse() Function Array Indexing |
43119 | xine-lib Matroska Demuxer demuxers/demux_matroska.c Frame Size Handling Remot... |
42658 | xineplug_dmx_asf.so Plugin for xine-lib demuxers/demux_asf.c Crafted ASF Head... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5304.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-219.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-178.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-177.nasl - Type : ACT_GATHER_INFO |
2008-09-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-7572.nasl - Type : ACT_GATHER_INFO |
2008-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-635-1.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-01.nasl - Type : ACT_GATHER_INFO |
2008-05-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1586.nasl - Type : ACT_GATHER_INFO |
2008-05-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5205.nasl - Type : ACT_GATHER_INFO |
2008-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5204.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3326.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3353.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-25.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1543.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Windows host contains a media player that is affected by several v... File : vlc_0_8_6f.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2945.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2849.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5137.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5139.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-092-01.nasl - Type : ACT_GATHER_INFO |
2008-04-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5116.nasl - Type : ACT_GATHER_INFO |
2008-04-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1536.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5113.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-089-03.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-2569.nasl - Type : ACT_GATHER_INFO |
2008-02-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200802-12.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:39:37 |