lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <45BA2CB6.1080509@gmail.com>
Date: Fri, 26 Jan 2007 17:30:46 +0100
From: endrazine <endrazine@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Fwd: Re: [ GLSA 200701-18 ] xine-ui: Format
 string vulnerabilities]

Hello,

Ok, apparently, the primary source of information is the Cert, since :
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0254

hrm, I still think the vunerability has nothing to do with 
errors_create_window thoo.

Cheers,

endrazine-

endrazine a écrit :
> Hi list,
>
> I couldn't get a confirmation from the author of this post.
> GLSAs are very often the best source of detailed information
> on a given vulnerability imho ; at least, They provide indications
> on the type of vulnerability and the afected function name.
>
> Too bad they're inacurate :/
>
> Regards,
>
> endrazine-
>
>
>
> ------------------------------------------------------------------------
>
> Sujet:
> Re: [Full-disclosure] [ GLSA 200701-18 ] xine-ui: Format string 
> vulnerabilities
> Expéditeur:
> endrazine <endrazine@...il.com>
> Date:
> Wed, 24 Jan 2007 08:08:51 +0100
> Destinataire:
> Raphael Marichez <falco@...too.org>
>
> Destinataire:
> Raphael Marichez <falco@...too.org>
>
>
> Hello Raphael,
>
> I have an issue with this Glsa (wich is a really usefull service 
> between, thx) :
>
> I think the affected syscall is xitk_window_dialog_error rather at 
> line 128,231,357 in /src/xitk/errors.c
> the "bad" thing is that errors_create_window exists  but wasn't 
> modified at all...
>
> see below...
>
>
>
>
> $ diff ./xine-ui-0.99.4/src/xitk/errors.c 
> ../../xine-ui-0.99.5_pre20060716/work/xine-ui-0.99.5_pre20060716/src/xitk/errors.c 
>
> 20c20
> <  * $Id: errors.c,v 1.32 2005/02/07 18:16:28 miguelfreitas Exp $
> ---
> >  * $Id: errors.c,v 1.34 2006/07/15 08:46:50 dgp85 Exp $
> 71c71
> <                                                message);
> ---
> >                                                "%s", message);
> 113c113
> <   if(gGui->stdctl_enable) {
> ---
> >   if(gGui->stdctl_enable || !gGui->display) {
> 128c128
> <       xw = xitk_window_dialog_error(gGui->imlib_data, buf2);
> ---
> >       xw = xitk_window_dialog_error(gGui->imlib_data, "%s", buf2);
> 231c231
> <       xw = xitk_window_dialog_info(gGui->imlib_data, buf2);
> ---
> >       xw = xitk_window_dialog_info(gGui->imlib_data, "%s", buf2);
> 357c357
> <                                                message);
> ---
> >                                                "%s", message);
>
>
>
>
> Regards,
>
>
> endrazine-
>
>
>
>
>
> Raphael Marichez a écrit :
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> Gentoo Linux Security Advisory                           GLSA 200701-18
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>                                             http://security.gentoo.org/
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>
>>   Severity: Normal
>>      Title: xine-ui: Format string vulnerabilities
>>       Date: January 23, 2007
>>       Bugs: #161558
>>         ID: 200701-18
>>
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>
>> Synopsis
>> ========
>>
>> xine-ui improperly handles format strings, possibly allowing for the
>> execution of arbitrary code.
>>
>> Background
>> ==========
>>
>> xine-ui is a skin-based user interface for xine. xine is a free
>> multimedia player. It plays CDs, DVDs, and VCDs, and can also decode
>> other common multimedia formats.
>>
>> Affected packages
>> =================
>>
>>     -------------------------------------------------------------------
>>      Package  /       Vulnerable       /                    Unaffected
>>     -------------------------------------------------------------------
>>   1  xine-ui     < 0.99.5_pre20060716            >= 0.99.5_pre20060716
>>
>> Description
>> ===========
>>
>> Due to the improper handling and use of format strings, the
>> errors_create_window() function in errors.c does not safely write data
>> to memory.
>>
>> Impact
>> ======
>>
>> An attacker could entice a user to open a specially crafted media file
>> with xine-ui, and possibly execute arbitrary code.
>>
>> Workaround
>> ==========
>>
>> There is no known workaround at this time.
>>
>> Resolution
>> ==========
>>
>> All xine-ui users should upgrade to the latest version:
>>
>>     # emerge --sync
>>     # emerge --ask --oneshot --verbose 
>> ">=media-video/xine-ui-0.99.5_pre20060716"
>>
>> References
>> ==========
>>
>>   [ 1 ] CVE-2007-0254
>>         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0254
>>
>> Availability
>> ============
>>
>> This GLSA and any updates to it are available for viewing at
>> the Gentoo Security Website:
>>
>>   http://security.gentoo.org/glsa/glsa-200701-18.xml
>>
>> Concerns?
>> =========
>>
>> Security is a primary focus of Gentoo Linux and ensuring the
>> confidentiality and security of our users machines is of utmost
>> importance to us. Any security concerns should be addressed to
>> security@...too.org or alternatively, you may file a bug at
>> http://bugs.gentoo.org.
>>
>> License
>> =======
>>
>> Copyright 2007 Gentoo Foundation, Inc; referenced text
>> belongs to its owner(s).
>>
>> The contents of this document are licensed under the
>> Creative Commons - Attribution / Share Alike license.
>>
>> http://creativecommons.org/licenses/by-sa/2.5
>>   
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ