Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:180)
High Nessus Plugin ID 20040
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionWhen playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist's name.
During processing of this data, a response from the server, which is located in memory on the stack, is passed to the fprintf() function as a format string. An attacker can set up a malicious CDDB server and trick the client into using this server instead of the pre- configured one. Alternatively, any user and therefore the attacker can modify entries in the official CDDB server. Using this format string vulnerability, attacker-chosen data can be written to an attacker-chosen memory location. This allows the attacker to alter the control flow and to execute malicious code with the permissions of the user running the application.
This problem was reported by Ulf Harnhammar from the Debian Security Audit Project.
The updated packages have been patched to correct this problem.
SolutionUpdate the affected packages.