FreeBSD : xine-lib arbitrary file overwrite (e50b04e8-9c55-11d8-9366-0020ed76ef5a)
Medium Nessus Plugin ID 37040
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionFrom the xinehq advisory :
By opening a malicious MRL in any xine-lib based media player, an attacker can write arbitrary content to an arbitrary file, only restricted by the permissions of the user running the application.
The flaw is a result of a feature that allows MRLs (media resource locator URIs) to specify arbitrary configuration options.
SolutionUpdate the affected package.