CVE-2004-1300
CVSS10.0
发布时间 :2005-01-10 00:00:00
修订时间 :2008-09-10 15:29:45
NMCOS    

[原文]Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.


[CNNVD]Xine-lib demux_aiff.c 缓冲区溢出漏洞(CNNVD-200501-140)

        xine-lib是免费媒体播放软件xine的核心引擎。
        xine-lib (libxine) 1-rc7版本中demux_aiff.c的open_aiff_file函数存在缓冲溢出漏洞。
        远程攻击者可以利用特别构造的AIFF文件,执行任意代码。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1300
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1300
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-140
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/18611
(UNKNOWN)  XF  xine-openaifffile-bo(18611)
http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt
(VENDOR_ADVISORY)  MISC  http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:011
(UNKNOWN)  MANDRAKE  MDKSA-2005:011

- 漏洞信息

Xine-lib demux_aiff.c 缓冲区溢出漏洞
危急 缓冲区溢出
2005-01-10 00:00:00 2005-10-20 00:00:00
远程  
        xine-lib是免费媒体播放软件xine的核心引擎。
        xine-lib (libxine) 1-rc7版本中demux_aiff.c的open_aiff_file函数存在缓冲溢出漏洞。
        远程攻击者可以利用特别构造的AIFF文件,执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.xine-project.org/releases

- 漏洞信息

12474
xine-lib open_aiff_file() Function Overflow
Local Access Required Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- 漏洞描述

A local overflow exists in xine. xine fails to check the boundary of "open_aiff_file()" function, resulting in a buffer overflow. With a specially crafted multimedia file, an attacker can read and write arbitrary files or watch the programs, resulting in a loss of confidentiality and integrity.

- 时间线

2004-12-16 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

Xine-Lib Remote Client-Side Buffer Overflow Vulnerability
Boundary Condition Error 11969
Yes No
2004-12-16 12:00:00 2009-07-12 09:26:00
Discovery of this vulnerability is credited to Ariel Berkman.

- 受影响的程序版本

xine xine-lib 0.99
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
xine xine-lib 0.9.13
xine xine-lib 0.9.8
xine xine-lib 1-rc6a
xine xine-lib 1-rc5
xine xine-lib 1-rc4
xine xine-lib 1-rc3c
+ Slackware Linux 9.1
+ Slackware Linux -current
xine xine-lib 1-rc3b
xine xine-lib 1-rc3a
xine xine-lib 1-rc3
xine xine-lib 1-rc2
xine xine-lib 1-rc1
xine xine-lib 1-rc0
xine xine-lib 1-beta9
xine xine-lib 1-beta8
xine xine-lib 1-beta7
xine xine-lib 1-beta6
xine xine-lib 1-beta5
xine xine-lib 1-beta4
xine xine-lib 1-beta3
xine xine-lib 1-beta2
xine xine-lib 1-beta12
xine xine-lib 1-beta11
xine xine-lib 1-beta10
xine xine-lib 1-beta1
xine xine-lib 1-alpha
xine xine 0.9.18
+ S.u.S.E. Linux Personal 8.2
xine xine 0.9.13
xine xine 0.9.8
- Debian Linux 3.0 sparc
- Debian Linux 3.0 s/390
- Debian Linux 3.0 ppc
- Debian Linux 3.0 mipsel
- Debian Linux 3.0 mips
- Debian Linux 3.0 m68k
- Debian Linux 3.0 ia-64
- Debian Linux 3.0 ia-32
- Debian Linux 3.0 hppa
- Debian Linux 3.0 arm
- Debian Linux 3.0 alpha
- Debian Linux 3.0
xine xine 1-rc6a
xine xine 1-rc5
xine xine 1-rc4
xine xine 1-rc3b
xine xine 1-rc3a
xine xine 1-rc3
xine xine 1-rc2
xine xine 1-rc1
xine xine 1-rc1
xine xine 1-rc0a
xine xine 1-rc0
xine xine 1-beta9
xine xine 1-beta8
xine xine 1-beta7
xine xine 1-beta6
xine xine 1-beta5
xine xine 1-beta4
xine xine 1-beta3
xine xine 1-beta2
xine xine 1-beta12
xine xine 1-beta11
xine xine 1-beta10
xine xine 1-beta1
xine xine 1-alpha
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
xine xine-lib 1.0

- 不受影响的程序版本

xine xine-lib 1.0

- 漏洞讨论

It is reported that the xine media library is affected by a remote buffer overflow vulnerability. This issue can allow a remote attacker to gain unauthorized access to a vulnerable computer. The overflow condition presents itself in the 'demux_aiff.c' file.

- 漏洞利用

The following exploit is available:

- 解决方案

xine-lib 1.0 addresses this vulnerability.

Turbolinux has released a security announcement (TLSA- 24022005) and fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Gentoo has released an advisory GLSA 200501-07 to address various issues in xine-lib. Gentoo users may carry out the following commands to update their systems:

emerge --sync
emerge --ask --oneshot --verbose media-libs/xine-lib

Please see the referenced advisory for more information.

Mandrake has released an advisory MDKSA-2005:011 to address various issues in xine-lib. Please see the referenced advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.


xine xine-lib 1-rc2

xine xine-lib 1-beta3

xine xine-lib 1-rc6a

xine xine-lib 1-beta1

xine xine-lib 1-rc3a

xine xine-lib 1-beta4

xine xine-lib 1-beta8

xine xine-lib 1-rc5

xine xine-lib 1-rc3b

xine xine-lib 1-rc1

xine xine-lib 1-rc4

xine xine-lib 1-beta7

xine xine 1-rc3

xine xine-lib 1-rc3c

xine xine-lib 1-beta9

xine xine-lib 1-beta10

xine xine-lib 1-rc3

xine xine-lib 1-beta2

xine xine-lib 1-beta12

xine xine-lib 1-rc0

xine xine-lib 1-beta11

xine xine-lib 1-beta6

xine xine-lib 1-beta5

xine xine 1-rc0a

xine xine-lib 1-alpha

xine xine 1-rc5

xine xine-lib 0.9.13

xine xine 0.9.18

xine xine-lib 0.9.8

xine xine-lib 0.99

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站