CVE-2006-2230
CVSS 5.0
Published: 2006-05-05 15:02:00
Revised: 2008-09-05 17:04:00

[Original] Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.


[CNNVD] Xine filename handling remote format string vulnerability (CNNVD-200605-110)

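        Xine is a program for playing VCDs/DVDs on Linux systems.
        Xine has a format string vulnerability when handling specially crafted filenames. A remote attacker can cause arbitrary code execution by tricking a user into opening a malicious filename that contains format specifiers.
        Vulnerable code:
        In src/xitk/main.c:
        /* (file name or mrl) */
         case XINE_MSG_FILE_NOT_FOUND:
         snprintf(buffer, sizeof(buffer), "%s", _("The specified file or mrl is not found. Please check it twice."));
         if(data->explanation)
         sprintf(buffer, "%s (%s)", buffer, (char *) data + data->parameters);
         break;

        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:
        http://xinehq.de/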

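- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource availability]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]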

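- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found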

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2230
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2230
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-110
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/17769
(UNKNOWN)  BID  17769
http://www.securityfocus.com/archive/1/archive/1/432598/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060429 XINE format string bugs when handling non existen file
http://www.debian.org/security/2006/dsa-1093
(UNKNOWN)  DEBIAN  DSA-1093
http://xforce.iss.net/xforce/xfdb/26216
(UNKNOWN)  XF  xine-mainc-format-string(26216)

- Vulnerability information

Xine filename handling remote format string vulnerability
Medium severity, format string
2006-05-05 00:00:00 2006-08-28 00:00:00
Remote

- Advisories and patches

        

- Vulnerability information

25606
xine xiTK Multiple Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-04-29 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Xine Filename Handling Remote Format String Vulnerability
Input Validation Error 17769
Yes No
2006-05-01 12:00:00 2006-11-24 05:35:00
Discovery is credited to KaDaL-X <king_purba@yahoo.co.uk>.

- Affected program versions

xine xine-ui 0.99.4
xine xine-ui 0.99.3
xine xine-ui 0.99.2
xine xine-ui 0.99.1
+ xine xine 0.9.13
+ xine xine 0.9.8
+ xine xine 1-rc3b
+ xine xine 1-rc3a
+ xine xine 1-rc3
+ xine xine 1-rc2
+ xine xine 1-rc1
+ xine xine 1-rc0a
+ xine xine 1-beta9
+ xine xine 1-beta8
+ xine xine 1-beta7
+ xine xine 1-beta6
+ xine xine 1-beta5
+ xine xine 1-beta4
+ xine xine 1-beta3
+ xine xine 1-beta2
+ xine xine 1-beta12
+ xine xine 1-beta11
+ xine xine 1-beta10
+ xine xine 1-beta1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- Discussion

The xine package is susceptible to a remote format-string vulnerability.

This issue arises when the application handles specially crafted filenames. An attacker can exploit this vulnerability by crafting a malicious filename that contains format specifiers and then coercing unsuspecting users to try to execute the affected application with the malicious filename as an argument.

A successful attack may crash the application or lead to arbitrary code execution.

Version 0.99.4 of xine is vulnerable to this issue; other versions may also be affected.

- Exploit

The following command is sufficient to demonstrate this issue:
xine %p-%p.mp3

This will result in a file-not-found dialog being displayed. The dialog will report that the file that was not found has a name similar to '0x811ac8e-0xbe1fdabc.mp3'
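
The behaviour demonstrated above, as an added C example that is not code from xine or from the advisory: it assumes, since the page does not show that call, that the message built from the file name is later handed to a printf-style routine as its format argument. `show_error`, `build_message` and the `report_not_found_*` functions are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style dialog routine (assumption:
 * not xine's real API). It renders into dialog_text instead of a window. */
static char dialog_text[512];

static void show_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(dialog_text, sizeof(dialog_text), fmt, ap);
    va_end(ap);
}

/* Build "<message> (<file name>)"; the file name is attacker-influenced. */
static void build_message(char *buf, size_t len, const char *mrl)
{
    snprintf(buf, len, "%s (%s)", "The specified file or mrl is not found.", mrl);
}

/* Vulnerable pattern: the built message is used AS the format string, so
 * any %p, %x or %n inside the file name is interpreted by vsnprintf. */
static const char *report_not_found_unsafe(const char *mrl)
{
    char buffer[256];
    build_message(buffer, sizeof(buffer), mrl);
    show_error(buffer);
    return dialog_text;
}

/* Hardened pattern: constant format, message passed as data. */
static const char *report_not_found_safe(const char *mrl)
{
    char buffer[256];
    build_message(buffer, sizeof(buffer), mrl);
    show_error("%s", buffer);
    return dialog_text;
}

int main(void)
{
    const char *name = "%p-%p.mp3"; /* constructed input, from the demo above */
    printf("safe:   %s\n", report_not_found_safe(name));
    /* Undefined behaviour: typically prints register or stack values. */
    printf("unsafe: %s\n", report_not_found_unsafe(name));
    return 0;
}
```

Declaring such a routine with GCC's `format(printf, ...)` function attribute lets `-Wformat-security` flag the unsafe call at compile time.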

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Currently we are not aware of any official vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

Please see the referenced third-party vendor advisories for details on obtaining updates.


xine xine-ui 0.99.3

- References

 

 
