exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2005.180

Mandriva Linux Security Advisory 2005.180
Posted Oct 12, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - When playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist's name. During processing of this data, a response from the server, which is located in memory on the stack, is passed to the fprintf() function as a format string. An attacker can set up a malicious CDDB server and trick the client into using this server instead of the pre- configured one. Alternatively, any user and therefore the attacker can modify entries in the official CDDB server. Using this format string vulnerability, attacker-chosen data can be written to an attacker-chosen memory location. This allows the attacker to alter the control flow and to execute malicious code with the permissions of the user running the application.

tags | advisory
systems | linux, mandriva
SHA-256 | aa30859c0d6a7f47a28e0c687d6bf26f4f312e6ce94df28dde0c1458613a57d0

Mandriva Linux Security Advisory 2005.180

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: xine-lib
Advisory ID: MDKSA-2005:180
Date: October 11th, 2005

Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0
______________________________________________________________________

Problem Description:

When playing an Audio CD, a xine-lib based media application contacts
a CDDB server to retrieve metadata like the title and artist's name.
During processing of this data, a response from the server, which is
located in memory on the stack, is passed to the fprintf() function
as a format string. An attacker can set up a malicious CDDB server
and trick the client into using this server instead of the pre-
configured one. Alternatively, any user and therefore the attacker can
modify entries in the official CDDB server. Using this format string
vulnerability, attacker-chosen data can be written to an attacker-chosen
memory location. This allows the attacker to alter the control flow
and to execute malicious code with the permissions of the user running
the application.

This problem was reported by Ulf Harnhammar from the Debian Security
Audit Project.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2967
http://xinehq.de/index.php/security/XSA-2005-1
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
3f07ca856ac1574af04fbe1b27ee965e 10.1/RPMS/libxine1-1-0.rc5.9.3.101mdk.i586.rpm
023408c3ee89298c373a3a6927a3061e 10.1/RPMS/libxine1-devel-1-0.rc5.9.3.101mdk.i586.rpm
f15dbebfea2af1a970b7d2efd9294553 10.1/RPMS/xine-aa-1-0.rc5.9.3.101mdk.i586.rpm
964bf0c612fdd2ad9f4d3f0189db4c5d 10.1/RPMS/xine-arts-1-0.rc5.9.3.101mdk.i586.rpm
942189b2e906e9318bb729841499714c 10.1/RPMS/xine-dxr3-1-0.rc5.9.3.101mdk.i586.rpm
d87d3f48cf4378de0cd66a763df69a22 10.1/RPMS/xine-esd-1-0.rc5.9.3.101mdk.i586.rpm
f015327c624aa069668a8faddc7989da 10.1/RPMS/xine-flac-1-0.rc5.9.3.101mdk.i586.rpm
fe16081d5be8ae716f139e7cc7971738 10.1/RPMS/xine-gnomevfs-1-0.rc5.9.3.101mdk.i586.rpm
b595c492e3d38c394a05bef235a8b50e 10.1/RPMS/xine-plugins-1-0.rc5.9.3.101mdk.i586.rpm
ae824a8ad57afa4af74d14ac36aec48f 10.1/SRPMS/xine-lib-1-0.rc5.9.3.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
c56c742c25b4e7ef55363bc433ada6b6 x86_64/10.1/RPMS/lib64xine1-1-0.rc5.9.3.101mdk.x86_64.rpm
8174e6c20c36883482a8c92ac7a32dd4 x86_64/10.1/RPMS/lib64xine1-devel-1-0.rc5.9.3.101mdk.x86_64.rpm
3f07ca856ac1574af04fbe1b27ee965e x86_64/10.1/RPMS/libxine1-1-0.rc5.9.3.101mdk.i586.rpm
c4b594b75216ec745901c2bc910aa854 x86_64/10.1/RPMS/xine-aa-1-0.rc5.9.3.101mdk.x86_64.rpm
0aa452c0c36a9a7eae6bc8276c585133 x86_64/10.1/RPMS/xine-arts-1-0.rc5.9.3.101mdk.x86_64.rpm
bf3e6970c3b37d80eee58be3804aaef1 x86_64/10.1/RPMS/xine-dxr3-1-0.rc5.9.3.101mdk.x86_64.rpm
419d4acc74bd3368f4ad7e841b71583f x86_64/10.1/RPMS/xine-esd-1-0.rc5.9.3.101mdk.x86_64.rpm
a934d38fc6bc894afcd51fc443c5387a x86_64/10.1/RPMS/xine-flac-1-0.rc5.9.3.101mdk.x86_64.rpm
c71f58dd79bbd7a67ade68f9f0c47537 x86_64/10.1/RPMS/xine-gnomevfs-1-0.rc5.9.3.101mdk.x86_64.rpm
9d2dbdaf3887b90af8f6f275956fba25 x86_64/10.1/RPMS/xine-plugins-1-0.rc5.9.3.101mdk.x86_64.rpm
ae824a8ad57afa4af74d14ac36aec48f x86_64/10.1/SRPMS/xine-lib-1-0.rc5.9.3.101mdk.src.rpm

Mandrivalinux 10.2:
b59bd74be8211752b1f8b14eaaeb4caf 10.2/RPMS/libxine1-1.0-8.2.102mdk.i586.rpm
7df88b45784d86b120232238e80c2ae9 10.2/RPMS/libxine1-devel-1.0-8.2.102mdk.i586.rpm
22f9a1ef543d6e6b8b409e995c05f549 10.2/RPMS/xine-aa-1.0-8.2.102mdk.i586.rpm
6b288c5aec71967bb93031d1d6781f18 10.2/RPMS/xine-arts-1.0-8.2.102mdk.i586.rpm
e94fbd981fa69cdf4205f73620d65d58 10.2/RPMS/xine-dxr3-1.0-8.2.102mdk.i586.rpm
4ac7f54e7442efeac8a8f27ea94cce31 10.2/RPMS/xine-esd-1.0-8.2.102mdk.i586.rpm
93fb8780846b76c53743f74113c5d789 10.2/RPMS/xine-flac-1.0-8.2.102mdk.i586.rpm
79cf02e9f22be6638927dec066926b5d 10.2/RPMS/xine-gnomevfs-1.0-8.2.102mdk.i586.rpm
fb9103583e2eb19ad301d6a3042fad86 10.2/RPMS/xine-plugins-1.0-8.2.102mdk.i586.rpm
bd90a1fe71bd91383caf9ea5d87e2abc 10.2/RPMS/xine-polyp-1.0-8.2.102mdk.i586.rpm
4067888181bc7c025901b054ec7c8fd6 10.2/RPMS/xine-smb-1.0-8.2.102mdk.i586.rpm
3d1f4d92c41f977edf895388f4784337 10.2/SRPMS/xine-lib-1.0-8.2.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
772e4a1a0aac6006474768a0601545a3 x86_64/10.2/RPMS/lib64xine1-1.0-8.2.102mdk.x86_64.rpm
c72a8b14fbe656c62f8368fbc9449931 x86_64/10.2/RPMS/lib64xine1-devel-1.0-8.2.102mdk.x86_64.rpm
f6123a88fc6b3c7edd68dccbc75efc8d x86_64/10.2/RPMS/xine-aa-1.0-8.2.102mdk.x86_64.rpm
9768022de3f23e61649671a76de6d4a3 x86_64/10.2/RPMS/xine-arts-1.0-8.2.102mdk.x86_64.rpm
6636acc15686f32d827c367ae0e0af83 x86_64/10.2/RPMS/xine-dxr3-1.0-8.2.102mdk.x86_64.rpm
bd80ab843edcb769edbe95bee307848e x86_64/10.2/RPMS/xine-esd-1.0-8.2.102mdk.x86_64.rpm
70c16130252aca43d5cac5d30d258dbc x86_64/10.2/RPMS/xine-flac-1.0-8.2.102mdk.x86_64.rpm
19546fbd231735cdb52488c78bb3138c x86_64/10.2/RPMS/xine-gnomevfs-1.0-8.2.102mdk.x86_64.rpm
e14f01a64d3080fc35ee3f7280ae9336 x86_64/10.2/RPMS/xine-plugins-1.0-8.2.102mdk.x86_64.rpm
8281c290d3e926279706b049dd4247da x86_64/10.2/RPMS/xine-polyp-1.0-8.2.102mdk.x86_64.rpm
46f8be45f38977aa67731c5da830c43b x86_64/10.2/RPMS/xine-smb-1.0-8.2.102mdk.x86_64.rpm
3d1f4d92c41f977edf895388f4784337 x86_64/10.2/SRPMS/xine-lib-1.0-8.2.102mdk.src.rpm

Mandrivalinux 2006.0:
ad0dd01a46c84cb5ce8a28ce5710da28 2006.0/RPMS/libxine1-1.1.0-8.1.20060mdk.i586.rpm
b63c878314d9d393a43082f1940fd063 2006.0/RPMS/libxine1-devel-1.1.0-8.1.20060mdk.i586.rpm
77404b4ea4908b51843f26b4face7a21 2006.0/RPMS/xine-aa-1.1.0-8.1.20060mdk.i586.rpm
efec9d133963c8c8d1d052ea8d1a811d 2006.0/RPMS/xine-arts-1.1.0-8.1.20060mdk.i586.rpm
bb1f5e764c4cc933659ebe7ba2c61d88 2006.0/RPMS/xine-dxr3-1.1.0-8.1.20060mdk.i586.rpm
b74cffa6e5683afb50ed015555b2afe8 2006.0/RPMS/xine-esd-1.1.0-8.1.20060mdk.i586.rpm
f8c48d2fc87e8f562754ce36dcf7f74a 2006.0/RPMS/xine-flac-1.1.0-8.1.20060mdk.i586.rpm
b8f365ce839aa783637edd4687f89a64 2006.0/RPMS/xine-gnomevfs-1.1.0-8.1.20060mdk.i586.rpm
2fed4fcf4867293705de055f0b2095d3 2006.0/RPMS/xine-image-1.1.0-8.1.20060mdk.i586.rpm
7ee9724ef73423691f4c2622824d50e3 2006.0/RPMS/xine-plugins-1.1.0-8.1.20060mdk.i586.rpm
732ac66a4b4a8356c8afbfc6770ac6ac 2006.0/RPMS/xine-polyp-1.1.0-8.1.20060mdk.i586.rpm
f4afb35e994c48af37529481df73df9c 2006.0/RPMS/xine-smb-1.1.0-8.1.20060mdk.i586.rpm
f8551a36e839b1c284f157d042395477 2006.0/SRPMS/xine-lib-1.1.0-8.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
c9e6b7176514f797a6b4d444d630783e x86_64/2006.0/RPMS/lib64xine1-1.1.0-8.1.20060mdk.x86_64.rpm
9997e0b3a7712a94c98964d2a387d010 x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-8.1.20060mdk.x86_64.rpm
8c32b4302fe882f057cc307ef546356e x86_64/2006.0/RPMS/xine-aa-1.1.0-8.1.20060mdk.x86_64.rpm
a18e2771a126b49d93d588d7ff57f22d x86_64/2006.0/RPMS/xine-arts-1.1.0-8.1.20060mdk.x86_64.rpm
188e16a6da35e64d77ef1007f770959e x86_64/2006.0/RPMS/xine-dxr3-1.1.0-8.1.20060mdk.x86_64.rpm
cd4045af591254a68d48dbceb5885bc5 x86_64/2006.0/RPMS/xine-esd-1.1.0-8.1.20060mdk.x86_64.rpm
40c947de3d1df3e33a0f4c26f096b0c8 x86_64/2006.0/RPMS/xine-flac-1.1.0-8.1.20060mdk.x86_64.rpm
cdd6293c4edc8751989f605eb4bb3f45 x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-8.1.20060mdk.x86_64.rpm
249af817e4dac7f580ef1d9614ec66da x86_64/2006.0/RPMS/xine-image-1.1.0-8.1.20060mdk.x86_64.rpm
4161debdffeaf757be1d97a28e9d7c02 x86_64/2006.0/RPMS/xine-plugins-1.1.0-8.1.20060mdk.x86_64.rpm
6c5c31192529ddca8794de618f4ce0f4 x86_64/2006.0/RPMS/xine-polyp-1.1.0-8.1.20060mdk.x86_64.rpm
eb1a6c7e8297098dff9d2896f83f2f2f x86_64/2006.0/RPMS/xine-smb-1.1.0-8.1.20060mdk.x86_64.rpm
f8551a36e839b1c284f157d042395477 x86_64/2006.0/SRPMS/xine-lib-1.1.0-8.1.20060mdk.src.rpm

Corporate 3.0:
e93f0caab04c2752c07faaff0f97922f corporate/3.0/RPMS/libxine1-1-0.rc3.6.5.C30mdk.i586.rpm
b7cc7339b05df194eac9ef7a17878271 corporate/3.0/RPMS/xine-arts-1-0.rc3.6.5.C30mdk.i586.rpm
0e2cfe89dd82835669dcff0780923982 corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.5.C30mdk.i586.rpm
8658f0c1e16ef59142cbe2c685043b26 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
f43b406288771a962829e7b9686c2eba x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.5.C30mdk.x86_64.rpm
aa294b88759a08022052f0bdff44ad6a x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.5.C30mdk.x86_64.rpm
27247dc4bb05cef5bfbe97631b12de2e x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.5.C30mdk.x86_64.rpm
8658f0c1e16ef59142cbe2c685043b26 x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.5.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTKgRmqjQ0CJFipgRAjRcAKDV7Nalb4u00rWeG25Tfm/0Plc0HQCfYKUA
2LWSLF4Xu7XaLivCNsmzOvA=
=8Q5N
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close