xine-lib xineplug_inp_http.so HTTP Response Remote Overflow

2006-05-30T10:50:10
ID OSVDB:25936
Type osvdb
Reporter Federico L. Bossi Bonin(fbossi@netcomm.com.ar)
Modified 2006-05-30T10:50:10

Description

Vulnerability Description

A remote overflow exists in xine-lib. The xineplug_inp_http.so library fails to properly check bounds for HTTP responses resulting in a buffer overflow. By tricking a victim into opening an HTTP link to a malicious website, an attacker can cause arbitary code execution on the victim\'s system resulting in a loss of integrity.

Technical Description

Applications that use a vulnerable version of the library may also be affected.

Solution Description

Upgrade to cvs version (after 2006-05-31) or version 1.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in xine-lib. The xineplug_inp_http.so library fails to properly check bounds for HTTP responses resulting in a buffer overflow. By tricking a victim into opening an HTTP link to a malicious website, an attacker can cause arbitary code execution on the victim\'s system resulting in a loss of integrity.

Manual Testing Notes

perl -e 'print "A"x"9500"' | nc -lp 8080 and then open "xine http://localhost:8080/foo.mpg"

References:

Vendor URL: http://xinehq.de/ Vendor Specific Solution URL: http://sourceforge.net/mailarchive/forum.php?thread_id=11077232&forum_id=11923 Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:20369 Secunia Advisory ID:20766 Secunia Advisory ID:20828 Secunia Advisory ID:20942 Secunia Advisory ID:20549 Secunia Advisory ID:21919 Other Advisory URL: http://www.securiteam.com/unixfocus/5JP0W0AIKA.html Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-08.xml Other Advisory URL: http://www.ubuntu.com/usn/usn-295-1 Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html Generic Exploit URL: http://milw0rm.com/exploits/1852 CVE-2006-2802 Bugtraq ID: 18187