This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200404-20
(Multiple vulnerabilities in xine)
Several vulnerabilities were found in xine-ui and xine-lib. By opening
a malicious MRL in any xine-lib based media player, an attacker can
write arbitrary content to an arbitrary file, only restricted by the
permissions of the user running the application. By opening a malicious
playlist in the xine-ui media player, an attacker can write arbitrary
content to an arbitrary file, only restricted by the permissions of the
user running xine-ui. Finally, a temporary file is created in an
insecure manner by the xine-check and xine-bugreport scripts,
potentially allowing a local attacker to use a symlink attack.
These three vulnerabilities may alow an attacker to corrupt system
files, thus potentially leading to a Denial of Service. It is also
theoretically possible, though very unlikely, to use these
vulnerabilities to elevate the privileges of the attacker.
There is no known workaround at this time. All users are advised to
upgrade to the latest available versions of xine-ui and xine-lib.
See also :
All users of xine-ui or another xine-based player should upgrade to the
latest stable versions:
# emerge sync
# emerge -pv '>=media-video/xine-ui-0.9.23-r2'
# emerge '>=media-video/xine-ui-0.9.23-r2'
# emerge -pv '>=media-libs/xine-lib-1_rc3-r3'
# emerge '>=media-libs/xine-lib-1_rc3-r3'
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 14485 (gentoo_GLSA-200404-20.nasl)
CVE ID: CVE-2004-0372CVE-2004-1951
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.