Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | phpBB viewtopic.php 'highlight' Input Validation Flaw Lets Remote Users Execute Arbitrary Commands |
|---|
Categorie: Vulnerability
Posted: 2004-12-27 by ReCall
Views: 453
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: Some vulnerabilities were reported in xine. A remote user may be able to execute arbitrary code on the target user's system.
iDEFENSE reported that there is a buffer overflow in pnm_get_chunk() in the processing of the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG, and CONT_TAG parameters [CVE: CAN-2004-1188] and the PNA_TAG parameter [CVE: CAN-2004-1187]. A remote user can create a 'pnm://' URL that, when loaded by the target user, will cause xine to connect to a malicious server and load a specially crafted PNM file to trigger the overflow. Arbitrary code can be executed with the privileges of the target user.
The vendor was notified on December 10, 2004.
Impact: A remote user can cause arbitrary code to be executed on the target user's computer when a specially crafted PNM file is processed by the target user. The code will run with the privileges of the target user.
Solution: The vendor has issued a fixed version of xine-lib (1-rc8), available at:
http://xinehq.de/index.php/releases
A patch is also available at:
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1253
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
