Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
{"id": "CVE-2006-2230", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2006-2230", "description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.", "published": "2006-05-05T19:02:00", "modified": "2018-10-18T16:38:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2230", "reporter": "cve@mitre.org", "references": ["http://www.debian.org/security/2006/dsa-1093", "http://www.securityfocus.com/bid/17769", "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216", "http://www.securityfocus.com/archive/1/432598/100/0/threaded"], "cvelist": ["CVE-2006-1905", "CVE-2006-2230"], "immutableFields": [], "lastseen": "2022-03-23T15:03:18", "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1905"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1093-1:9E354"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-1905", "DEBIANCVE:CVE-2006-2230"]}, {"type": "freebsd", "idList": ["8D4AE57D-D2AB-11DA-A672-000E0C2E438A"]}, {"type": "gentoo", "idList": ["GLSA-200604-15"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1093.NASL", "FREEBSD_PKG_8D4AE57DD2AB11DAA672000E0C2E438A.NASL", "GENTOO_GLSA-200604-15.NASL", "MANDRAKE_MDKSA-2006-085.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:56658", "OPENVAS:56682", "OPENVAS:56922"]}, {"type": "osv", "idList": ["OSV:DSA-1093-1"]}, {"type": "suse", "idList": ["SUSE-SA:2006:025"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-1905", "UB:CVE-2006-2230"]}]}, "score": {"value": 4.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2006-1905"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1093-1:9E354"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1093.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-2230"]}]}, "exploitation": null, "vulnersScore": 4.5}, "_state": {"dependencies": 1660004461, "score": 1660012044}, "_internal": {"score_hash": "4f4b46413bb9d8e9e62ea9aabc7bf249"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:xine:xine:0.99.4"], "cpe23": ["cpe:2.3:a:xine:xine:0.99.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "xine:xine", "version": "0.99.4", "operator": "eq", "name": "xine"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:xine:xine:0.99.4:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://www.debian.org/security/2006/dsa-1093", "name": "DSA-1093", "refsource": "DEBIAN", "tags": []}, {"url": "http://www.securityfocus.com/bid/17769", "name": "17769", "refsource": "BID", "tags": []}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26216", "name": "xine-mainc-format-string(26216)", "refsource": "XF", "tags": []}, {"url": "http://www.securityfocus.com/archive/1/432598/100/0/threaded", "name": "20060429 XINE format string bugs when handling non existen file", "refsource": "BUGTRAQ", "tags": []}]}
{"ubuntucve": [{"lastseen": "2022-08-04T14:46:49", "description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4\nmight allow attackers to cause a denial of service via format string\nspecifiers in an MP3 filename specified on the command line. NOTE: this is\na different vulnerability than CVE-2006-1905. In addition, if the only\nattack vectors involve a user-assisted, local command line argument of a\nnon-setuid program, this issue might not be a vulnerability.", "cvss3": {}, "published": "2006-05-05T00:00:00", "type": "ubuntucve", "title": "CVE-2006-2230", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1905", "CVE-2006-2230"], "modified": "2006-05-05T00:00:00", "id": "UB:CVE-2006-2230", "href": "https://ubuntu.com/security/CVE-2006-2230", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:46:57", "description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3\nallow remote attackers to execute arbitrary code via format string\nspecifiers in a long filename on an EXTINFO line in a playlist file.", "cvss3": {}, "published": "2006-04-20T00:00:00", "type": "ubuntucve", "title": "CVE-2006-1905", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-1905"], "modified": "2006-04-20T00:00:00", "id": "UB:CVE-2006-1905", "href": "https://ubuntu.com/security/CVE-2006-1905", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T06:03:09", "description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.", "cvss3": {}, "published": "2006-05-05T19:02:00", "type": "debiancve", "title": "CVE-2006-2230", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1905", "CVE-2006-2230"], "modified": "2006-05-05T19:02:00", "id": "DEBIANCVE:CVE-2006-2230", "href": "https://security-tracker.debian.org/tracker/CVE-2006-2230", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T06:03:09", "description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.", "cvss3": {}, "published": "2006-04-20T10:02:00", "type": "debiancve", "title": "CVE-2006-1905", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-1905"], "modified": "2006-04-20T10:02:00", "id": "DEBIANCVE:CVE-2006-1905", "href": "https://security-tracker.debian.org/tracker/CVE-2006-1905", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T03:36:52", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1093-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJune 8th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xine-ui\nVulnerability : format string\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2006-2230\n\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\nThe old stable distribution (woody) is not affected by these problems.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your xine-ui package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1.dsc\n Size/MD5 checksum: 746 527be88be68d5710bf5e0a5b09ffc839\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1.diff.gz\n Size/MD5 checksum: 1288 64415eeb7634cc0dca6d7a44e7a8f404\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3.orig.tar.gz\n Size/MD5 checksum: 2610080 aa7805a93e511e3d67dc1bf09a71fcdd\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_alpha.deb\n Size/MD5 checksum: 1877496 56392abc6057d656c041bfbad49976ad\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_amd64.deb\n Size/MD5 checksum: 1766792 b093fcc76082ac6e95518f2ec9a27bd9\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_arm.deb\n Size/MD5 checksum: 1711066 856ce425a4db60d0d043b95ad0a7ec18\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_i386.deb\n Size/MD5 checksum: 1731748 5f971967308012850fecd3c9362cec9b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_ia64.deb\n Size/MD5 checksum: 2041594 6f37253dad654f31f5bd12c2109e5726\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_hppa.deb\n Size/MD5 checksum: 1682926 1ac6f7faa43469e805c01be3d8756a2b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_m68k.deb\n Size/MD5 checksum: 1588564 baea2fa096194f491dcf2438cfa489c7\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_mips.deb\n Size/MD5 checksum: 1762350 fbbaa304745c86021a0ffe463530a573\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_mipsel.deb\n Size/MD5 checksum: 1762594 6399a62f5e919c04333a2c5533e64cc0\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_powerpc.deb\n Size/MD5 checksum: 1776176 387dfa9a66f0fa3e26e9d26b5cc3aed0\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_s390.deb\n Size/MD5 checksum: 1742376 b41686f1d871c498d6f4185736317ff2\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_sparc.deb\n Size/MD5 checksum: 1761044 f37b88d9d0a99ee2a6be783e403d634c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2006-06-08T17:17:14", "type": "debian", "title": "[SECURITY] [DSA 1093-1] New xine-ui packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2230"], "modified": "2006-06-08T17:17:14", "id": "DEBIAN:DSA-1093-1:9E354", "href": "https://lists.debian.org/debian-security-announce/2006/msg00179.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:49:45", "description": "The remote host is missing an update to xine-ui\nannounced via advisory DSA 1093-1.\n\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\nThe old stable distribution (woody) is not affected by these problems.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1093-1 (xine-ui)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2230"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56922", "href": "http://plugins.openvas.org/nasl.php?oid=56922", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1093_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1093-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your xine-ui package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201093-1\";\ntag_summary = \"The remote host is missing an update to xine-ui\nannounced via advisory DSA 1093-1.\n\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\nThe old stable distribution (woody) is not affected by these problems.\";\n\n\nif(description)\n{\n script_id(56922);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-2230\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1093-1 (xine-ui)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xine-ui\", ver:\"0.99.3-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:48", "description": "The remote host is missing updates announced in\nadvisory GLSA 200604-15.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200604-15 (xine-ui)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1905"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:56682", "href": "http://plugins.openvas.org/nasl.php?oid=56682", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Format string vulnerabilities in xine-ui may lead to the execution of\narbitrary code.\";\ntag_solution = \"All xine-ui users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/xine-ui-0.99.4-r5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200604-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=130801\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200604-15.\";\n\n \n\nif(description)\n{\n script_id(56682);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(17579);\n script_cve_id(\"CVE-2006-1905\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200604-15 (xine-ui)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/xine-ui\", unaffected: make_list(\"ge 0.99.4-r5\"), vulnerable: make_list(\"lt 0.99.4-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:16", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: xine", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1905"], "modified": "2016-10-04T00:00:00", "id": "OPENVAS:56658", "href": "http://plugins.openvas.org/nasl.php?oid=56658", "sourceData": "#\n#VID 8d4ae57d-d2ab-11da-a672-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xine\n\nCVE-2006-1905\nMultiple format string vulnerabilities in xiTK (xitk/main.c) in xine\n0.99.3 allow remote attackers to execute arbitrary code via format\nstring specifiers in a long filename on an EXTINFO line in a playlist\nfile.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.open-security.org/advisories/16\nhttp://www.vuxml.org/freebsd/8d4ae57d-d2ab-11da-a672-000e0c2e438a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56658);\n script_version(\"$Revision: 4203 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-10-04 07:30:30 +0200 (Tue, 04 Oct 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-1905\");\n script_bugtraq_id(17579);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: xine\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xine\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.4_4\")<0) {\n txt += 'Package xine version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T13:15:00", "description": "Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2006-10-14T00:00:00", "type": "nessus", "title": "Debian DSA-1093-1 : xine - format string", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-2230"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xine-ui", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1093.NASL", "href": "https://www.tenable.com/plugins/nessus/22635", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1093. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22635);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-2230\");\n script_xref(name:\"DSA\", value:\"1093\");\n\n script_name(english:\"Debian DSA-1093-1 : xine - format string\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1093\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xine-ui package.\n\nThe old stable distribution (woody) is not affected by these problems.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"xine-ui\", reference:\"0.99.3-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:15:54", "description": "The remote host is affected by the vulnerability described in GLSA-200604-15 (xine-ui: Format string vulnerabilities)\n\n Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing.\n Impact :\n\n By constructing a malicious playlist file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2006-04-28T00:00:00", "type": "nessus", "title": "GLSA-200604-15 : xine-ui: Format string vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1905"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:xine-ui", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200604-15.NASL", "href": "https://www.tenable.com/plugins/nessus/21297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200604-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21297);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1905\");\n script_xref(name:\"GLSA\", value:\"200604-15\");\n\n script_name(english:\"GLSA-200604-15 : xine-ui: Format string vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200604-15\n(xine-ui: Format string vulnerabilities)\n\n Ludwig Nussel discovered that xine-ui incorrectly implements\n formatted printing.\n \nImpact :\n\n By constructing a malicious playlist file, a remote attacker could\n exploit these vulnerabilities to execute arbitrary code with the rights\n of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200604-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-ui users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/xine-ui-0.99.4-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/04/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/xine-ui\", unaffected:make_list(\"ge 0.99.4-r5\"), vulnerable:make_list(\"lt 0.99.4-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-ui\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:15:49", "description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.\n\nPackages have been patched to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : xine-ui (MDKSA-2006:085)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1905"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:xine-ui", "p-cpe:/a:mandriva:linux:xine-ui-aa", "p-cpe:/a:mandriva:linux:xine-ui-fb", "cpe:/o:mandriva:linux:2006"], "id": "MANDRAKE_MDKSA-2006-085.NASL", "href": "https://www.tenable.com/plugins/nessus/21360", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:085. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21360);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1905\");\n script_xref(name:\"MDKSA\", value:\"2006:085\");\n\n script_name(english:\"Mandrake Linux Security Advisory : xine-ui (MDKSA-2006:085)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine\nallow remote attackers to execute arbitrary code via format string\nspecifiers in a long filename on an EXTINFO line in a playlist file.\n\nPackages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-ui, xine-ui-aa and / or xine-ui-fb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-ui-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-ui-fb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-ui-0.99.4-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-ui-aa-0.99.4-1.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-ui-fb-0.99.4-1.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:15:50", "description": "c0ntexb reports :\n\nThere are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.", "cvss3": {"score": null, "vector": null}, "published": "2006-05-13T00:00:00", "type": "nessus", "title": "FreeBSD : xine -- multiple remote string vulnerabilities (8d4ae57d-d2ab-11da-a672-000e0c2e438a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-1905"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:xine", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8D4AE57DD2AB11DAA672000E0C2E438A.NASL", "href": "https://www.tenable.com/plugins/nessus/21471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21471);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-1905\");\n script_bugtraq_id(17579);\n\n script_name(english:\"FreeBSD : xine -- multiple remote string vulnerabilities (8d4ae57d-d2ab-11da-a672-000e0c2e438a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"c0ntexb reports :\n\nThere are 2 format string bugs in the latest version of Xine that\ncould be exploited by a malicious person to execute code on the system\nof a remote user running the media player against a malicious playlist\nfile. By passing a format specifier in the path of a file that is\nembedded in a remote playlist, it is possible to trigger this bug.\"\n );\n # http://www.open-security.org/advisories/16\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ww17.open-security.org/advisories/16\"\n );\n # https://vuxml.freebsd.org/freebsd/8d4ae57d-d2ab-11da-a672-000e0c2e438a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d68f734\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"xine<0.99.4_4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:05:42", "description": "\nSeveral format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.\n\n\nThe old stable distribution (woody) is not affected by these problems.\n\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.\n\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\n\nWe recommend that you upgrade your xine-ui package.\n\n\n", "cvss3": {}, "published": "2006-06-08T00:00:00", "type": "osv", "title": "xine - format string", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2230"], "modified": "2022-08-10T07:05:29", "id": "OSV:DSA-1093-1", "href": "https://osv.dev/vulnerability/DSA-1093-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:17:53", "description": "### Background\n\nxine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. \n\n### Description\n\nLudwig Nussel discovered that xine-ui incorrectly implements formatted printing. \n\n### Impact\n\nBy constructing a malicious playlist file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-ui users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/xine-ui-0.99.4-r5\"", "cvss3": {}, "published": "2006-04-26T00:00:00", "type": "gentoo", "title": "xine-ui: Format string vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-1905"], "modified": "2006-04-26T00:00:00", "id": "GLSA-200604-15", "href": "https://security.gentoo.org/glsa/200604-15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T14:54:46", "description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.", "cvss3": {}, "published": "2006-04-20T10:02:00", "type": "cve", "title": "CVE-2006-1905", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-1905"], "modified": "2018-10-18T16:37:00", "cpe": ["cpe:/a:xine:xine:1_rc7", "cpe:/a:xine:xine:1_rc0a", "cpe:/a:xine:xine:1_beta1", "cpe:/a:xine:xine:1_rc3a", "cpe:/a:xine:xine:1_rc0", "cpe:/a:xine:xine:1_beta12", "cpe:/a:xine:xine:1_rc5", "cpe:/a:xine:xine:0.9.8", "cpe:/a:xine:xine:1_rc8", "cpe:/a:xine:xine:1_beta10", "cpe:/a:xine:xine:1_rc6a", "cpe:/a:xine:xine:1.0", "cpe:/a:xine:xine:1_beta7", "cpe:/a:xine:xine:1.0.1", "cpe:/a:xine:xine:1_beta9", "cpe:/a:xine:xine:1_rc2", "cpe:/a:xine:xine:1_rc4", "cpe:/a:xine:xine:1_beta6", "cpe:/a:xine:xine:1_beta11", "cpe:/a:xine:xine:1_beta2", "cpe:/a:xine:xine:1_rc6", "cpe:/a:xine:xine:1_alpha", "cpe:/a:xine:xine:0.9.13", "cpe:/a:xine:xine:1_beta8", "cpe:/a:xine:xine:0.9.18", "cpe:/a:xine:xine:1_rc1", "cpe:/a:xine:xine:1_rc3b", "cpe:/a:xine:xine:1_beta4", "cpe:/a:xine:xine:1_beta5", "cpe:/a:xine:xine:1_rc3", "cpe:/a:xine:xine:1_beta3"], "id": "CVE-2006-1905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1905", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*", "cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nc0ntexb reports:\n\nThere are 2 format string bugs in the latest version of\n\t Xine that could be exploited by a malicious person to\n\t execute code on the system of a remote user running the\n\t media player against a malicious playlist file. By passing\n\t a format specifier in the path of a file that is embedded\n\t in a remote playlist, it is possible to trigger this bug.\n\n\n", "cvss3": {}, "published": "2006-04-18T00:00:00", "type": "freebsd", "title": "xine -- multiple remote string vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-1905"], "modified": "2006-04-18T00:00:00", "id": "8D4AE57D-D2AB-11DA-A672-000E0C2E438A", "href": "https://vuxml.freebsd.org/freebsd/8d4ae57d-d2ab-11da-a672-000e0c2e438a.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:03:35", "description": "If a server or client is using DIGEST-MD5 authentication via the cyrus-sasl libraries it is possible to cause a denial of service attack against the other side (client or server) by leaving out the \"realm=\" header in the authentication.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2006-05-05T14:16:08", "type": "suse", "title": "remote denial of service in cyrus-sasl-digestmd5", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2006-1905", "CVE-2006-1721", "CVE-2006-1989"], "modified": "2006-05-05T14:16:08", "id": "SUSE-SA:2006:025", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-05/msg00012.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
CVE-2006-2230
