|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4648 CVE : CVE-2008-5233 CVE : CVE-2008-5234 CVE : CVE-2008-5236 CVE : CVE-2008-5237 CVE : CVE-2008-5238 CVE : CVE-2008-5239 CVE : CVE-2008-5240 CVE : CVE-2008-5241 CVE : CVE-2008-5242 CVE : CVE-2008-5243 CVE : CVE-2008-5247 CWE : CWE-119 SecurityRisk : High  (About) Remote Exploit : No Local Exploit : Yes Victim interaction required : No Exploit Available : No Credit : Will Drewry Published : 28.11.2008
Advisory Content : #2008-008 multiple heap overflows in xine-lib Description: The xine free multimedia player suffers from a number of vulnerabilities ranging in severity. The worst of these vulnerabilities results in arbitrary code execution and the least, in unexpected process termination. Five heap buffer overflows exist in parsing of real audio files, id3 tags, qt mov files, and matroska headers which all can result in arbitrary code execution. Three additional heap buffer overflows occur in mng, mod, and real handling which are potentially exploitable. Seven additional issues were identified in the input plugins as well as the real, qt, and matroska demuxers which result in process termination or memory corruption that may have wider implications. The oCERT team was contacted by the Xine project requesting a review of some code changes relating to memory allocations. These vulnerabilities were the findings of this requested analysis. The full analysis text can be found in the references below. Affected version: xine-lib <= 1.1.14 Fixed version: xine-lib >= 1.1.15 [*] * - see analysis text for more detail on fixes Credit: Will Drewry, oCERT Team | Google Security Team. CVE: TBD Timeline: 2008-04-30: vendor contacts oCERT asking patch analysis 2008-05-06: analysis results in bug being found, test case sent upstream 2008-05-07: vendor submits second set of patches for analysis 2008-05-07: vendor provides issue private exposure to some vendors 2008-05-07: vendor proposes patch for the found security bug 2008-05-25: Full analysis results supplied to vendor and another PoC 2008-05-27: oCERT contacts vendor regarding timeline and coordination 2008-05-28: vendor asks for clarification 2008-06-09: oCERT contacts vendor offering help 2008-06-11: vendor supplies patches 2008-06-18: oCERT indicates that patches are incomplete 2008-06-21: vendor confirms receipt and looks in to options 2008-07-02: vendor indicates problem with a potential fix; oCERT replies 2008-07-28: vendor contact becomes unavailable 2008-08-11: oCERT attempts another contact with vendor 2008-08-12: new contact is confirmed 2008-08-14: xine-lib releases 1.1.15 with fixes (w/out oCERT knowledge) 2008-08-18: oCERT supplies all original findings and test cases again 2008-08-22: Ludwig Nussel notified oCERT regarding 1.1.15 2008-08-22: advisory release References: - Vulnerability analysis report: http://www.ocert.org/analysis/2008-008/analysis.txt - xine-1.1.15 release notes: http://sourceforge.net/project/shownotes.php?release_id=619869&group_id= 9655 Links: - http://xinehq.de -- Will Drewry <redpig (at) ocert (dot) org [email concealed]> oCERT Team :: http://ocert.org References : http://www.securityfocus.com/archive/1/archive/1/495674/100/0/threaded
http://www.securityfocus.com/bid/30797
http://www.ocert.org/analysis/2008-008/analysis.txt
http://sourceforge.net/project/shownotes.php?release_id=619869
http://securitytracker.com/id?1020703  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |