Vulnerability Bulletins |
Múltiples bugs de formato en xine |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Xine |
Description |
|
|
Se han descubierto múltiples bugs de formato en xine. Las vulnerabilidades residen en xiTK. Las vulnerabilidades residen en el manejo incorrecto de especificadores de formato en determinados nombres de archivos en una línea EXTINFO en una playlist. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario mediante una playlist especialmente diseñada. |
|
Solution |
|
|
Actualización de software Mandriva Linux Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/xine-ui-0.9.23-3.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/xine-ui-aa-0.9.23-3.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/xine-ui-fb-0.9.23-3.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/xine-ui-0.9.23-3.3.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/xine-ui-0.9.23-3.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/xine-ui-aa-0.9.23-3.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/xine-ui-fb-0.9.23-3.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/xine-ui-0.9.23-3.3.C30mdk.src.rpm Mandrivalinux 2006 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xine-ui-0.99.4-1.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xine-ui-aa-0.99.4-1.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xine-ui-fb-0.99.4-1.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/xine-ui-0.99.4-1.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xine-ui-0.99.4-1.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xine-ui-aa-0.99.4-1.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xine-ui-fb-0.99.4-1.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/xine-ui-0.99.4-1.1.20060mdk.src.rpm |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-1905 |
| BID | |
Other resources |
|
|
Mandriva Security Advisory MDKSA-2006:085 http://www.mandriva.com/security/advisories?name=MDKSA-2006:085 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-05-11 |