Xine version 0.99.4 appears susceptible to format string attacks.
62f25a84eba9e3749d25e73f729fb0af230802b3b37ce4ae221f19a7c6f78478Author : KaDaL-X
email : king_purba@yahoo.co.uk
website : http://kandangjamur.net
Software tested
Version : 0.99.4
Vendor : http://xine.sourceforge.net
Proof Of Concept :
Type in your unix console something like this :
kandangjamur$xine %p-%p.mp3
Then, there are two error alert box causing by this command :
1. There is no input pluggin available to handle
2. The specified file or mrl Plese check it twice (0x811ac8e-0xbe1fdabc.mp3) <-- format string error
Vulnerable code :
In src/xitk/main.c
/* (file name or mrl) */
case XINE_MSG_FILE_NOT_FOUND:
snprintf(buffer, sizeof(buffer), "%s", _("The specified file or mrl is not found. Please check it twic
e."));
if(data->explanation)
sprintf(buffer, "%s (%s)", buffer, (char *) data + data->parameters);
break;
The vulnerable variable is (char *) data + data->parameters, but i don't analyze this code to make clear
this problem (sorry). By giving comment in sprintf() function can be used to fix this issue,
but many format string issue may be happen on file main.c causing by (char *) data + data->parameters
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed