Lucene search
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-180.NASLHistoryOct 19, 2005 - 12:00 a.m.
Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:180)
2005-10-1900:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
11
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.8%
When playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist’s name.
During processing of this data, a response from the server, which is located in memory on the stack, is passed to the fprintf() function as a format string. An attacker can set up a malicious CDDB server and trick the client into using this server instead of the pre- configured one. Alternatively, any user and therefore the attacker can modify entries in the official CDDB server. Using this format string vulnerability, attacker-chosen data can be written to an attacker-chosen memory location. This allows the attacker to alter the control flow and to execute malicious code with the permissions of the user running the application.
This problem was reported by Ulf Harnhammar from the Debian Security Audit Project.
The updated packages have been patched to correct this problem.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:180.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20040);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2005-2967");
script_xref(name:"MDKSA", value:"2005:180");
script_name(english:"Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:180)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"When playing an Audio CD, a xine-lib based media application contacts
a CDDB server to retrieve metadata like the title and artist's name.
During processing of this data, a response from the server, which is
located in memory on the stack, is passed to the fprintf() function as
a format string. An attacker can set up a malicious CDDB server and
trick the client into using this server instead of the pre- configured
one. Alternatively, any user and therefore the attacker can modify
entries in the official CDDB server. Using this format string
vulnerability, attacker-chosen data can be written to an
attacker-chosen memory location. This allows the attacker to alter the
control flow and to execute malicious code with the permissions of the
user running the application.
This problem was reported by Ulf Harnhammar from the Debian Security
Audit Project.
The updated packages have been patched to correct this problem."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xine1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xine1-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxine1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxine1-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-aa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-arts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-dxr3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-esd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-flac");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-gnomevfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-image");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-polyp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-smb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
script_set_attribute(attribute:"patch_publication_date", value:"2005/10/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xine1-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xine1-devel-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxine1-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxine1-devel-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xine-aa-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xine-arts-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xine-dxr3-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xine-esd-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xine-flac-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xine-gnomevfs-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xine-plugins-1-0.rc5.9.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64xine1-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64xine1-devel-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libxine1-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libxine1-devel-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-aa-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-arts-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-dxr3-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-esd-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-flac-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-gnomevfs-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-plugins-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-polyp-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xine-smb-1.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64xine1-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64xine1-devel-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libxine1-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libxine1-devel-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-aa-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-arts-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-dxr3-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-esd-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-flac-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-gnomevfs-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-image-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-plugins-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-polyp-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xine-smb-1.1.0-8.1.20060mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | lib64xine1 | p-cpe:/a:mandriva:linux:lib64xine1 |
| mandriva | linux | lib64xine1-devel | p-cpe:/a:mandriva:linux:lib64xine1-devel |
| mandriva | linux | libxine1 | p-cpe:/a:mandriva:linux:libxine1 |
| mandriva | linux | libxine1-devel | p-cpe:/a:mandriva:linux:libxine1-devel |
| mandriva | linux | xine-aa | p-cpe:/a:mandriva:linux:xine-aa |
| mandriva | linux | xine-arts | p-cpe:/a:mandriva:linux:xine-arts |
| mandriva | linux | xine-dxr3 | p-cpe:/a:mandriva:linux:xine-dxr3 |
| mandriva | linux | xine-esd | p-cpe:/a:mandriva:linux:xine-esd |
| mandriva | linux | xine-flac | p-cpe:/a:mandriva:linux:xine-flac |
| mandriva | linux | xine-gnomevfs | p-cpe:/a:mandriva:linux:xine-gnomevfs |
Related
openvas
openvas
Debian Security Advisory DSA 863-1 (xine-lib)
2008-01-17 00:00:00
FreeBSD Ports: libxine
2008-09-04 00:00:00
FreeBSD Ports: libxine
2008-09-04 00:00:00
securityvulns
securityvulns
[UNIX] xine based CD Player Format String
2005-10-10 00:00:00
nessus
nessus
GLSA-200510-08 : xine-lib: Format string vulnerability
2005-10-11 00:00:00
Debian DSA-863-1 : xine-lib - format string vulnerability
2005-10-19 00:00:00
ubuntucve
ubuntucve
CVE-2005-2967
2005-10-14 00:00:00
freebsd
freebsd
libxine -- format string vulnerability
2005-10-08 00:00:00
packetstorm
packetstorm
xine-cddb-server.pl.txt
2005-10-08 00:00:00
gentoo
gentoo
xine-lib: Format string vulnerability
2005-10-08 00:00:00
nvd
nvd
CVE-2005-2967
2005-10-14 10:02:00
cvelist
cvelist
CVE-2005-2967
2005-10-14 04:00:00
cve
cve
CVE-2005-2967
2005-10-14 10:02:00
debian
debian
[SECURITY] [DSA 863-1] New xine-lib packages fix arbitrary code execution
2005-10-12 03:48:16
[SECURITY] [DSA 863-1] New xine-lib packages fix arbitrary code execution
2005-10-12 03:48:16
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.8%
Related for MANDRAKE_MDKSA-2005-180.NASL