This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200404-20
(Multiple vulnerabilities in xine)
Several vulnerabilities were found in xine-ui and xine-lib. By opening
a malicious MRL in any xine-lib based media player, an attacker can
write arbitrary content to an arbitrary file, only restricted by the
permissions of the user running the application. By opening a malicious
playlist in the xine-ui media player, an attacker can write arbitrary
content to an arbitrary file, only restricted by the permissions of the
user running xine-ui. Finally, a temporary file is created in an
insecure manner by the xine-check and xine-bugreport scripts,
potentially allowing a local attacker to use a symlink attack.
These three vulnerabilities may alow an attacker to corrupt system
files, thus potentially leading to a Denial of Service. It is also
theoretically possible, though very unlikely, to use these
vulnerabilities to elevate the privileges of the attacker.
There is no known workaround at this time. All users are advised to
upgrade to the latest available versions of xine-ui and xine-lib.
See also :
All users of xine-ui or another xine-based player should upgrade to the
latest stable versions:
# emerge sync
# emerge -pv '>=media-video/xine-ui-0.9.23-r2'
# emerge '>=media-video/xine-ui-0.9.23-r2'
# emerge -pv '>=media-libs/xine-lib-1_rc3-r3'
# emerge '>=media-libs/xine-lib-1_rc3-r3'
Risk factor :
Medium / CVSS Base Score : 5.0