Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [Fwd: Re: [ GLSA 200701-18 ] xine-ui: Format string vu

from [endrazine] Network Security [Permanent Link]
Subject: [Full-disclosure] [Fwd: Re: [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities]
Date: Fri, 26 Jan 2007 12:03:45 +0100 
Hi list,

I couldn't get a confirmation from the author of this post.
GLSAs are very often the best source of detailed information
on a given vulnerability imho ; at least, They provide indications
on the type of vulnerability and the afected function name.

Too bad they're inacurate :/

Regards,

endrazine-


--- Begin Message ---
Subject: Re: [Full-disclosure] [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities
Date: Wed, 24 Jan 2007 08:08:51 +0100 
Hello Raphael,

I have an issue with this Glsa (wich is a really usefull service between, thx) :

I think the affected syscall is xitk_window_dialog_error rather at line 128,231,357 in /src/xitk/errors.c
the "bad" thing is that errors_create_window exists but wasn't modified at all...

see below...




$ diff ./xine-ui-0.99.4/src/xitk/errors.c ../../xine-ui-0.99.5_pre20060716/work/xine-ui-0.99.5_pre20060716/src/xitk/errors.c
20c20
< * $Id: errors.c,v 1.32 2005/02/07 18:16:28 miguelfreitas Exp $
---
> * $Id: errors.c,v 1.34 2006/07/15 08:46:50 dgp85 Exp $
71c71
< message);
---
> "%s", message);
113c113
< if(gGui->stdctl_enable) {
---
> if(gGui->stdctl_enable || !gGui->display) {
128c128
< xw = xitk_window_dialog_error(gGui->imlib_data, buf2);
---
> xw = xitk_window_dialog_error(gGui->imlib_data, "%s", buf2);
231c231
< xw = xitk_window_dialog_info(gGui->imlib_data, buf2);
---
> xw = xitk_window_dialog_info(gGui->imlib_data, "%s", buf2);
357c357
< message);
---
> "%s", message);




Regards,


endrazine-





Raphael Marichez a écrit : 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200701-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: xine-ui: Format string vulnerabilities
      Date: January 23, 2007
      Bugs: #161558
        ID: 200701-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

xine-ui improperly handles format strings, possibly allowing for the
execution of arbitrary code.

Background
==========

xine-ui is a skin-based user interface for xine. xine is a free
multimedia player. It plays CDs, DVDs, and VCDs, and can also decode
other common multimedia formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package  /       Vulnerable       /                    Unaffected
    -------------------------------------------------------------------
  1  xine-ui     < 0.99.5_pre20060716            >= 0.99.5_pre20060716

Description
===========

Due to the improper handling and use of format strings, the
errors_create_window() function in errors.c does not safely write data
to memory.

Impact
======

An attacker could entice a user to open a specially crafted media file
with xine-ui, and possibly execute arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All xine-ui users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose 
">=media-video/xine-ui-0.99.5_pre20060716"

References
==========

  [ 1 ] CVE-2007-0254
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0254

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200701-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--- End Message ---
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] [c-nsp] Cisco Security Advisory: Crafted IP Option Vulnerability, Justin Shore
Next by Date:  [Full-disclosure] crappy qnx 6.3.2 stuff, Knud Erik Højgaard
Previous by Thread:  Re: [Full-disclosure] [c-nsp] Cisco Security Advisory: Crafted IP Option Vulnerability, Justin Shore
Next by Thread:  Re: [Full-disclosure] [Fwd: Re: [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities], endrazine
Indexes:  [Date] [Thread] [Top] [All Lists]