Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.59669
Kategorie:Turbolinux Local Security Tests
Titel:Turbolinux TLSA-2007-33 (xine-lib)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to xine-lib
announced via advisory TLSA-2007-33.

The xine engine is a free media player engine. It comes in the form of a shared
libarary and is typically used by media player frontends and other multimedia
applications for playback of multimedia streams such as movies, radio/tv
network streams, DVDs, VCDs.

Remote attackers to cause a buffer overflow.

The DirectShow loader and DMO_VideoDecoder_Open in MPlayer 1.0rc1 used in xine-lib,
does not set the biSize before use in a memcpy, which allows user-assisted remote
attackers to cause a buffer overflow and possibly execute arbitrary code.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2007-33

Risk factor : High

CVSS Score:
7.6

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-1246
BugTraq ID: 22771
http://www.securityfocus.com/bid/22771
Bugtraq: 20070423 FLEA-2007-0013-1: xine-lib (Google Search)
http://www.securityfocus.com/archive/1/466691/30/6900/threaded
Debian Security Information: DSA-1536 (Google Search)
http://www.debian.org/security/2008/dsa-1536
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html
http://security.gentoo.org/glsa/glsa-200704-09.xml
http://security.gentoo.org/glsa/glsa-200705-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:055
http://www.mandriva.com/security/advisories?name=MDKSA-2007:057
http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204
http://secunia.com/advisories/24443
http://secunia.com/advisories/24444
http://secunia.com/advisories/24446
http://secunia.com/advisories/24448
http://secunia.com/advisories/24462
http://secunia.com/advisories/24866
http://secunia.com/advisories/24897
http://secunia.com/advisories/24995
http://secunia.com/advisories/25462
http://secunia.com/advisories/29601
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449141
SuSE Security Announcement: SUSE-SR:2007:005 (Google Search)
http://www.novell.com/linux/security/advisories/2007_5_sr.html
SuSE Security Announcement: SUSE-SR:2007:007 (Google Search)
http://www.novell.com/linux/security/advisories/2007_007_suse.html
http://www.ubuntu.com/usn/usn-433-1
http://www.vupen.com/english/advisories/2007/0794
XForce ISS Database: mplayer-dmovideodecoder-bo(32747)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32747
Common Vulnerability Exposure (CVE) ID: CVE-2007-1387
BugTraq ID: 22933
http://www.securityfocus.com/bid/22933
http://www.mandriva.com/security/advisories?name=MDKSA-2007:061
http://www.mandriva.com/security/advisories?name=MDKSA-2007:062
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072;msg=12;filename=DS_VideoDecoder.c---SVN--22205.patch;att=1
https://usn.ubuntu.com/435-1/
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.