- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    Gentoo Linux Security Advisory                GLSA 200404-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Multiple vulnerabilities in xine
      Date: April 27, 2004
      Bugs: #45448, #48107, #48108
        ID: 200404-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several vulnerabilities have been found in xine-ui and xine-lib,
potentially allowing an attacker to overwrite files with the rights of
the user.

Background
==========

xine is a multimedia player that can play back CDs, DVDs and VCDs,
decode multimedia files such as AVI, MOV, WMV and MP3 from local disk
drives, and display multimedia streamed over the Internet. It is
available in Gentoo as a reusable library (xine-lib) with a standard
user interface (xine-ui).

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  media-video/xine-ui           <= 0.9.23-r1             >= 0.9.23-r2
  2  media-libs/xine-lib           <= 1_rc3-r2               >= 1_rc3-r3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Several vulnerabilities were found in xine-ui and xine-lib. By opening
a malicious MRL (Media Resource Locator, xine's URL-like input
specifier) in any xine-lib based media player, an attacker can write
arbitrary content to an arbitrary file, restricted only by the
permissions of the user running the application. By opening a malicious
playlist in the xine-ui media player, an attacker can likewise write
arbitrary content to an arbitrary file, restricted only by the
permissions of the user running xine-ui. Finally, a temporary file is
created in an insecure manner by the xine-check and xine-bugreport
scripts, potentially allowing a local attacker to mount a symlink
attack.

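The third issue above, an insecurely created temporary file in the
xine-check and xine-bugreport shell scripts, is the classic local
symlink attack. The script below is an added example written for this
page, not xine's own code: it reproduces the vulnerable pattern (a
guessable name under a shared directory, opened with a plain redirection)
beside the mktemp-based fix, inside a throwaway sandbox that stands in
for /tmp. The sandbox directory, the victim file, the fixed name
xine-check.12345 and all function names are constructed for the
demonstration.

```shell
#!/bin/sh
# Added example for this page, not code from xine: the insecure temp-file
# pattern behind the xine-check/xine-bugreport issue, beside the mktemp fix.
# Directory, file and function names are constructed for the demonstration.
set -u

# Vulnerable pattern: a guessable name ("/tmp/name.$$" in real scripts; a
# fixed suffix here so the "attacker" can predict it) opened with a plain
# '>' redirection, which follows any symlink already sitting at that path.
insecure_write() {
    dir=$1
    tmp="$dir/xine-check.12345"
    echo "report data" > "$tmp"      # clobbers whatever the link points at
}

# Fixed pattern: mktemp picks an unpredictable name and creates the file
# with O_CREAT|O_EXCL, so a pre-planted link can never be at that path.
# Prints the path of the file it created.
secure_write() {
    dir=$1
    tmp=$(mktemp "$dir/xine-check.XXXXXX") || return 1
    echo "report data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Local attacker step: in the shared directory $1, plant a symlink under the
# name the victim script will use, pointing at a file $2 the victim can write.
plant_symlink() {
    ln -s "$2" "$1/xine-check.12345"
}

# Full scenario in a throwaway sandbox standing in for /tmp. Returns 0 when
# the insecure variant overwrote the victim file and the secure one did not.
run_demo() {
    sandbox=$(mktemp -d) || return 1
    target="$sandbox/victim_file"
    echo "original contents" > "$target"

    plant_symlink "$sandbox" "$target"
    insecure_write "$sandbox"
    insecure_result=$(cat "$target")
    echo "victim file after insecure write: $insecure_result"

    echo "original contents" > "$target"
    newfile=$(secure_write "$sandbox") || return 1
    secure_result=$(cat "$target")
    echo "victim file after secure write:   $secure_result (report went to $newfile)"

    rm -rf "$sandbox"
    [ "$insecure_result" = "report data" ] &&
        [ "$secure_result" = "original contents" ]
}

run_demo
```

Run it with sh. The insecure variant ends up writing the report over
victim_file because the redirection follows the planted link; mktemp opens
with O_CREAT|O_EXCL under a name the attacker cannot guess, so nothing
pre-created can be in the way. On a current Linux kernel (3.6 and later)
a real /tmp usually also has fs.protected_symlinks=1, which refuses to
follow a symlink in a sticky world-writable directory unless the follower
owns the link or the directory owner does; that mitigation did not exist
in 2004 and does nothing outside sticky directories, so mktemp (or an
equivalent O_EXCL open) remains the correct fix in the script itself.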
Impact
======

These three vulnerabilities may allow an attacker to corrupt files
writable by the affected user, including system files when the
application runs with sufficient privileges, thus potentially leading to
a Denial of Service. It is also theoretically possible, though very
unlikely, to use these vulnerabilities to elevate the privileges of the
attacker.

Workaround
==========

There is no known workaround at this time. All users are advised to
upgrade to the latest available versions of xine-ui and xine-lib.

Resolution
==========

All users of xine-ui or another xine-based player should upgrade to the
latest stable versions:

    # emerge sync

    # emerge -pv ">=media-video/xine-ui-0.9.23-r2"
    # emerge ">=media-video/xine-ui-0.9.23-r2"

    # emerge -pv ">=media-libs/xine-lib-1_rc3-r3"
    # emerge ">=media-libs/xine-lib-1_rc3-r3"

References
==========

  [ 1 ] Xine Security Advisories
        http://xinehq.de/index.php/security
  [ 2 ] xine-bugreport and xine-check vulnerability
        http://nettwerked.mg2.org/advisories/xinebug

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200404-20.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Technologies, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0