xine-ui Playlists MRL Arbitrary File Modification

2004-04-22T04:49:06
ID OSVDB:5739
Type osvdb
Reporter OSVDB
Modified 2004-04-22T04:49:06

Description

Vulnerability Description

xine-ui contains a flaw that may allow a remote attacker to overwrite arbitrary files. The problem is that playlists can alter options in the configuration file. If an attacker creates a specially crafted MRL link, they could overwrite arbitrary files on the system, if a person clicks on the link and plays the malicious audio stream.

Solution Description

Upgrade to version 0.99.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

xine-ui contains a flaw that may allow a remote attacker to overwrite arbitrary files. The problem is that playlists can alter options in the configuration file. If an attacker creates a specially crafted MRL link, they could overwrite arbitrary files on the system, if a person clicks on the link and plays the malicious audio stream.

References:

Vendor Specific Advisory URL Secunia Advisory ID:11433 Related OSVDB ID: 5594 Keyword: XSA-2004-2 ISS X-Force ID: 15939 Bugtraq ID: 10193