Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:180)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

When playing an Audio CD, a xine-lib based media application contacts
a CDDB server to retrieve metadata like the title and artist's name.
During processing of this data, a response from the server, which is
located in memory on the stack, is passed to the fprintf() function as
a format string. An attacker can set up a malicious CDDB server and
trick the client into using this server instead of the pre- configured
one. Alternatively, any user and therefore the attacker can modify
entries in the official CDDB server. Using this format string
vulnerability, attacker-chosen data can be written to an
attacker-chosen memory location. This allows the attacker to alter the
control flow and to execute malicious code with the permissions of the
user running the application.

This problem was reported by Ulf Harnhammar from the Debian Security
Audit Project.

The updated packages have been patched to correct this problem.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 20040 (mandrake_MDKSA-2005-180.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2967

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now