ID CVE-2004-1379 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:30:00
Description
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
{"osvdb": [{"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "cvelist": ["CVE-2004-1379"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://xinehq.de/\nSecurity Tracker: 1011337\n[Secunia Advisory ID:12750](https://secuniaresearch.flexerasoftware.com/advisories/12750/)\n[Secunia Advisory ID:12602](https://secuniaresearch.flexerasoftware.com/advisories/12602/)\n[Secunia Advisory ID:14018](https://secuniaresearch.flexerasoftware.com/advisories/14018/)\n[Secunia Advisory ID:12629](https://secuniaresearch.flexerasoftware.com/advisories/12629/)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:105\nOther Advisory URL: http://www.debian.org/security/2005/dsa-657\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0195.html\nKeyword: XSA-2004-5\nISS X-Force ID: 17423\n[CVE-2004-1379](https://vulners.com/cve/CVE-2004-1379)\n", "modified": "2004-09-06T00:00:00", "published": "2004-09-06T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:10044", "id": "OSVDB:10044", "type": "osvdb", "title": "xine-lib DVD Subpicture Decoder Remote Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1379"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52239", "href": "http://plugins.openvas.org/nasl.php?oid=52239", "type": "openvas", "title": "FreeBSD Ports: libxine", "sourceData": "#\n#VID 131bd7c4-64a3-11d9-829a-000a95bc6fae\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libxine\n\nCVE-2004-1379\nHeap-based buffer overflow in the DVD subpicture decoder in xine\nxine-lib 1-rc5 and earlier allows remote attackers to execute\narbitrary code via a (1) DVD or (2) MPEG subpicture header where the\nsecond field reuses RLE data from the end of the first field.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://xinehq.de/index.php/security/XSA-2004-5\nhttp://www.vuxml.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52239);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(11205);\n script_cve_id(\"CVE-2004-1379\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: libxine\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libxine\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.r6\")<0) {\n txt += 'Package libxine version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1379"], "description": "The remote host is missing an update to xine-lib\nannounced via advisory DSA 657-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53745", "href": "http://plugins.openvas.org/nasl.php?oid=53745", "type": "openvas", "title": "Debian Security Advisory DSA 657-1 (xine-lib)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_657_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 657-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A heap overflow has been discovered in the DVD subpicture decoder of\nxine-lib. An attacker could cause arbitrary code to be executed on\nthe victims host by supplying a malicious MPEG. By tricking users to\nview a malicious network stream, this is remotely exploitable.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1-rc6a-1.\n\nWe recommend that you upgrade your libxine packages.\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory DSA 657-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20657-1\";\n\nif(description)\n{\n script_id(53745);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:56:38 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-1379\");\n script_bugtraq_id(11205);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 657-1 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"0.9.8-2woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine0\", ver:\"0.9.8-2woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1475", "CVE-2004-1379", "CVE-2004-1476"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-30.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54686", "href": "http://plugins.openvas.org/nasl.php?oid=54686", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200409-30 (xine-lib)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"xine-lib contains several vulnerabilities potentially allowing the\nexecution of arbitrary code.\";\ntag_solution = \"All xine-lib users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=media-libs/xine-lib-1_rc6'\n # emerge '>=media-libs/xine-lib-1_rc6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-30\nhttp://bugs.gentoo.org/show_bug.cgi?id=64348\nhttp://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0\nhttp://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200409-30.\";\n\n \n\nif(description)\n{\n script_id(54686);\n script_cve_id(\"CVE-2004-1379\",\"CVE-2004-1475\",\"CVE-2004-1476\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200409-30 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1_rc6\"), vulnerable: make_list(\"le 1_rc5-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:29:47", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1379"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 657-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 25th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xine-lib\nVulnerability : buffer overflow\nProblem-Type : local (remote)\nDebian-specific: no\nCVE ID : CAN-2004-1379\nBugTraq ID : 11205\n\nA heap overflow has been discovered in the DVD subpicture decoder of\nxine-lib. An attacker could cause arbitrary code to be executed on\nthe victims host by supplying a malicious MPEG. By tricking users to\nview a malicious network stream, this is remotely exploitable.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1-rc6a-1.\n\nWe recommend that you upgrade your libxine packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody3.dsc\n Size/MD5 checksum: 760 fdead2b906645e98cd98482da245f9fe\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody3.diff.gz\n Size/MD5 checksum: 1432 d1228b2ea29024dc31d7e73716e430b8\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz\n Size/MD5 checksum: 1766178 d8fc9b30e15b50af8ab7552bbda7aeda\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_alpha.deb\n Size/MD5 checksum: 260790 35b1fcb3d630159bffba57cd03ee7198\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_alpha.deb\n Size/MD5 checksum: 815898 5b969f8b91cd217a62fbe1206e0dae22\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_arm.deb\n Size/MD5 checksum: 302736 503e7f984fcdc022730ae84bda3d7893\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_arm.deb\n Size/MD5 checksum: 671030 3ca1bdc2e19e8547593ec227457bf934\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_i386.deb\n Size/MD5 checksum: 261202 4fa616c95b299f01eb6c4d3984696a97\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_i386.deb\n Size/MD5 checksum: 807774 2880560bd06ebf751184bd8cb0345974\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_ia64.deb\n Size/MD5 checksum: 260670 474f66c0a7ffdd1f1728ca22a05556f3\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_ia64.deb\n Size/MD5 checksum: 953146 001f5e510918a2b1cb52e2d560094224\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_hppa.deb\n Size/MD5 checksum: 260840 af3ab8871f26ec99c2e5a4c67821415c\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_hppa.deb\n Size/MD5 checksum: 846422 cf09d101cec9e33e4074e6d9e5e7868a\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_m68k.deb\n Size/MD5 checksum: 292502 ba71fa3ee20e67e92e4ecfab2028f12b\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_m68k.deb\n Size/MD5 checksum: 617432 68fd34079a32e9881f095c7ccc458822\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_mips.deb\n Size/MD5 checksum: 299528 feca6217a5df51fe46d1e5185a36c0f4\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_mips.deb\n Size/MD5 checksum: 652674 80f688f5856c786f2432619491ac5b56\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_mipsel.deb\n Size/MD5 checksum: 299564 5c2165f1adad2172acfddb42b2be92d1\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_mipsel.deb\n Size/MD5 checksum: 654450 4937401c8ea1d16ebfabf83b9321cc4e\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_powerpc.deb\n Size/MD5 checksum: 261054 9345084069863c90f69d17d4cd55e31d\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_powerpc.deb\n Size/MD5 checksum: 742158 7fd5ef486125947c8418ca95b803df8f\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_s390.deb\n Size/MD5 checksum: 302236 c539ecfcf4a0dfd19b4637fc93f558b9\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_s390.deb\n Size/MD5 checksum: 662496 2d6aede160abfc88f5cf5e7f2e19014a\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_sparc.deb\n Size/MD5 checksum: 260942 db51371b3aad43f02fead312971c8150\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_sparc.deb\n Size/MD5 checksum: 807478 2f4c13dab590a77d3f57aa923617bc8c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2005-01-25T00:00:00", "published": "2005-01-25T00:00:00", "id": "DEBIAN:DSA-657-1:8C682", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00035.html", "title": "[SECURITY] [DSA 657-1] New xine-lib packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T10:03:13", "description": "A heap overflow has been discovered in the DVD subpicture decoder of\nxine-lib. An attacker could cause arbitrary code to be executed on the\nvictims host by supplying a malicious MPEG. By tricking users to view\na malicious network stream, this is remotely exploitable.", "edition": 25, "published": "2005-01-25T00:00:00", "title": "Debian DSA-657-1 : xine-lib - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1379"], "modified": "2005-01-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xine-lib", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-657.NASL", "href": "https://www.tenable.com/plugins/nessus/16248", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-657. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(16248);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-1379\");\n script_bugtraq_id(11205);\n script_xref(name:\"DSA\", value:\"657\");\n\n script_name(english:\"Debian DSA-657-1 : xine-lib - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap overflow has been discovered in the DVD subpicture decoder of\nxine-lib. An attacker could cause arbitrary code to be executed on the\nvictims host by supplying a malicious MPEG. By tricking users to view\na malicious network stream, this is remotely exploitable.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-657\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxine packages.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/01/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libxine-dev\", reference:\"0.9.8-2woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libxine0\", reference:\"0.9.8-2woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:40:00", "description": "A xine security announcement states :\n\nA heap overflow has been found in the DVD subpicture decoder of\nxine-lib. This can be used for a remote heap overflow exploit, which\ncan, on some systems, lead to or help in executing malicious code with\nthe permissions of the user running a xine-lib based media\napplication.", "edition": 24, "published": "2005-07-13T00:00:00", "title": "FreeBSD : libxine -- DVD subpicture decoder heap overflow (131bd7c4-64a3-11d9-829a-000a95bc6fae)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1379"], "modified": "2005-07-13T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxine"], "id": "FREEBSD_PKG_131BD7C464A311D9829A000A95BC6FAE.NASL", "href": "https://www.tenable.com/plugins/nessus/18847", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18847);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-1379\");\n\n script_name(english:\"FreeBSD : libxine -- DVD subpicture decoder heap overflow (131bd7c4-64a3-11d9-829a-000a95bc6fae)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A xine security announcement states :\n\nA heap overflow has been found in the DVD subpicture decoder of\nxine-lib. This can be used for a remote heap overflow exploit, which\ncan, on some systems, lead to or help in executing malicious code with\nthe permissions of the user running a xine-lib based media\napplication.\"\n );\n # http://xinehq.de/index.php/security/XSA-2004-5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ce00046\"\n );\n # https://vuxml.freebsd.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98625c21\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.0.r6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:22", "description": "A number of string overflows were discovered in the xine-lib program,\nsome of which can be used for remote buffer overflow exploits that\nlead to the execution of arbitrary code with the permissions of the\nuser running a xine-lib-based media application. xine-lib versions\n1-rc2 through, and including, 1-rc5 are vulnerable to these problems.\n\nAs well, a heap overflow was found in the DVD subpicture decoder of\nxine-lib; this vulnerability is also remotely exploitable. All\nversions of xine-lib prior to and including 0.5.2 through, and\nincluding, 1-rc5 are vulnerable to this problem.\n\nPatches from the xine-lib team have been backported and applied to the\nprogram to solve these problems.", "edition": 24, "published": "2004-10-08T00:00:00", "title": "Mandrake Linux Security Advisory : xine-lib (MDKSA-2004:105)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1475", "CVE-2004-1379", "CVE-2004-1476"], "modified": "2004-10-08T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:libxine1", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-esd", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:xine-arts", "p-cpe:/a:mandriva:linux:xine-dxr3", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:xine-aa"], "id": "MANDRAKE_MDKSA-2004-105.NASL", "href": "https://www.tenable.com/plugins/nessus/15434", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:105. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15434);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-1379\", \"CVE-2004-1475\", \"CVE-2004-1476\");\n script_xref(name:\"MDKSA\", value:\"2004:105\");\n\n script_name(english:\"Mandrake Linux Security Advisory : xine-lib (MDKSA-2004:105)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of string overflows were discovered in the xine-lib program,\nsome of which can be used for remote buffer overflow exploits that\nlead to the execution of arbitrary code with the permissions of the\nuser running a xine-lib-based media application. xine-lib versions\n1-rc2 through, and including, 1-rc5 are vulnerable to these problems.\n\nAs well, a heap overflow was found in the DVD subpicture decoder of\nxine-lib; this vulnerability is also remotely exploitable. All\nversions of xine-lib prior to and including 0.5.2 through, and\nincluding, 1-rc5 are vulnerable to this problem.\n\nPatches from the xine-lib team have been backported and applied to the\nprogram to solve these problems.\"\n );\n # http://xinehq.de/index.php/security/XSA-2004-4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21259b72\"\n );\n # http://xinehq.de/index.php/security/XSA-2004-5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ce00046\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64xine1-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64xine1-devel-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libxine1-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libxine1-devel-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-aa-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-arts-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"xine-dxr3-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-esd-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-flac-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-gnomevfs-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"xine-plugins-1-0.rc3.6.2.100mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:51:51", "description": "The remote host is affected by the vulnerability described in GLSA-200409-30\n(xine-lib: Multiple vulnerabilities)\n\n xine-lib contains two stack-based overflows and one heap-based\n overflow. In the code reading VCD disc labels, the ISO disc label is\n copied into an unprotected stack buffer of fixed size. Also, there is a\n buffer overflow in the code that parses subtitles and prepares them for\n display (XSA-2004-4). Finally, xine-lib contains a heap-based overflow\n in the DVD sub-picture decoder (XSA-2004-5).\n (Please note that the VCD MRL issue mentioned in XSA-2004-4 was fixed\n with GLSA 200408-18.)\n \nImpact :\n\n With carefully-crafted VCDs, DVDs, MPEGs or subtitles, an attacker may\n cause xine-lib to execute arbitrary code with the permissions of the\n user.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2004-09-23T00:00:00", "title": "GLSA-200409-30 : xine-lib: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1475", "CVE-2004-1379", "CVE-2004-1476"], "modified": "2004-09-23T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xine-lib"], "id": "GENTOO_GLSA-200409-30.NASL", "href": "https://www.tenable.com/plugins/nessus/14798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200409-30.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14798);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-1379\", \"CVE-2004-1475\", \"CVE-2004-1476\");\n script_xref(name:\"GLSA\", value:\"200409-30\");\n\n script_name(english:\"GLSA-200409-30 : xine-lib: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200409-30\n(xine-lib: Multiple vulnerabilities)\n\n xine-lib contains two stack-based overflows and one heap-based\n overflow. In the code reading VCD disc labels, the ISO disc label is\n copied into an unprotected stack buffer of fixed size. Also, there is a\n buffer overflow in the code that parses subtitles and prepares them for\n display (XSA-2004-4). Finally, xine-lib contains a heap-based overflow\n in the DVD sub-picture decoder (XSA-2004-5).\n (Please note that the VCD MRL issue mentioned in XSA-2004-4 was fixed\n with GLSA 200408-18.)\n \nImpact :\n\n With carefully-crafted VCDs, DVDs, MPEGs or subtitles, an attacker may\n cause xine-lib to execute arbitrary code with the permissions of the\n user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/375485/2004-09-02/2004-09-08/0\"\n );\n # http://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/375482/2004-09-02/2004-09-08/0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200409-30\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=media-libs/xine-lib-1_rc6'\n # emerge '>=media-libs/xine-lib-1_rc6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1_rc6\"), vulnerable:make_list(\"le 1_rc5-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1379"], "description": "\nA xine security announcement states:\n\nA heap overflow has been found in the DVD subpicture\n\t decoder of xine-lib. This can be used for a remote heap\n\t overflow exploit, which can, on some systems, lead to or\n\t help in executing malicious code with the permissions of the\n\t user running a xine-lib based media application.\n\n", "edition": 4, "modified": "2005-01-19T00:00:00", "published": "2004-09-06T00:00:00", "id": "131BD7C4-64A3-11D9-829A-000A95BC6FAE", "href": "https://vuxml.freebsd.org/freebsd/131bd7c4-64a3-11d9-829a-000a95bc6fae.html", "title": "libxine -- DVD subpicture decoder heap overflow", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2004-1475", "CVE-2004-1379", "CVE-2004-1476"], "description": "### Background\n\nxine-lib is a multimedia library which can be utilized to create multimedia frontends. \n\n### Description\n\nxine-lib contains two stack-based overflows and one heap-based overflow. In the code reading VCD disc labels, the ISO disc label is copied into an unprotected stack buffer of fixed size. Also, there is a buffer overflow in the code that parses subtitles and prepares them for display (XSA-2004-4). Finally, xine-lib contains a heap-based overflow in the DVD sub-picture decoder (XSA-2004-5). \n\n(Please note that the VCD MRL issue mentioned in XSA-2004-4 was fixed with GLSA 200408-18.) \n\n### Impact\n\nWith carefully-crafted VCDs, DVDs, MPEGs or subtitles, an attacker may cause xine-lib to execute arbitrary code with the permissions of the user. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-lib users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=media-libs/xine-lib-1_rc6\"\n # emerge \">=media-libs/xine-lib-1_rc6\"", "edition": 1, "modified": "2006-05-22T00:00:00", "published": "2004-09-22T00:00:00", "id": "GLSA-200409-30", "href": "https://security.gentoo.org/glsa/200409-30", "type": "gentoo", "title": "xine-lib: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
