[Fwd: Re: [ GLSA 200701-18 ] xine-ui: Format string vulnerabilities]

[endrazine <endrazine () gmail com>]

Hi list,

I couldn't get a confirmation from the author of this post.
GLSAs are very often the best source of detailed information
on a given vulnerability imho ; at least, They provide indications
on the type of vulnerability and the afected function name.

Too bad they're inacurate :/

Regards,

endrazine-


> --- Begin Message ---
>
>
> From: endrazine <endrazine () gmail com>
>
> Date: Wed, 24 Jan 2007 08:08:51 +0100
>
> Hello Raphael,
>
> I have an issue with this Glsa (wich is a really usefull service 
> between, thx) :
>
> I think the affected syscall is xitk_window_dialog_error rather at line 
> 128,231,357 in /src/xitk/errors.c
> the "bad" thing is that errors_create_window exists  but wasn't modified 
> at all...
>
> see below...
>
>
>
>
> $ diff ./xine-ui-0.99.4/src/xitk/errors.c 
> ../../xine-ui-0.99.5_pre20060716/work/xine-ui-0.99.5_pre20060716/src/xitk/errors.c
> 20c20
> <  * $Id: errors.c,v 1.32 2005/02/07 18:16:28 miguelfreitas Exp $
> ---
> >  * $Id: errors.c,v 1.34 2006/07/15 08:46:50 dgp85 Exp $
> 71c71
> <                                                message);
> ---
> >                                                "%s", message);
> 113c113
> <   if(gGui->stdctl_enable) {
> ---
> >   if(gGui->stdctl_enable || !gGui->display) {
> 128c128
> <       xw = xitk_window_dialog_error(gGui->imlib_data, buf2);
> ---
> >       xw = xitk_window_dialog_error(gGui->imlib_data, "%s", buf2);
> 231c231
> <       xw = xitk_window_dialog_info(gGui->imlib_data, buf2);
> ---
> >       xw = xitk_window_dialog_info(gGui->imlib_data, "%s", buf2);
> 357c357
> <                                                message);
> ---
> >                                                "%s", message);
>
>
>
>
> Regards,
>
>
> endrazine-
>
>
>
>
>
> Raphael Marichez a écrit :
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > Gentoo Linux Security Advisory                           GLSA 200701-18
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >                                             http://security.gentoo.org/
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> >   Severity: Normal
> >      Title: xine-ui: Format string vulnerabilities
> >       Date: January 23, 2007
> >       Bugs: #161558
> >         ID: 200701-18
> >
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > Synopsis
> > ========
> >
> > xine-ui improperly handles format strings, possibly allowing for the
> > execution of arbitrary code.
> >
> > Background
> > ==========
> >
> > xine-ui is a skin-based user interface for xine. xine is a free
> > multimedia player. It plays CDs, DVDs, and VCDs, and can also decode
> > other common multimedia formats.
> >
> > Affected packages
> > =================
> >
> >     -------------------------------------------------------------------
> >      Package  /       Vulnerable       /                    Unaffected
> >     -------------------------------------------------------------------
> >   1  xine-ui     < 0.99.5_pre20060716            >= 0.99.5_pre20060716
> >
> > Description
> > ===========
> >
> > Due to the improper handling and use of format strings, the
> > errors_create_window() function in errors.c does not safely write data
> > to memory.
> >
> > Impact
> > ======
> >
> > An attacker could entice a user to open a specially crafted media file
> > with xine-ui, and possibly execute arbitrary code.
> >
> > Workaround
> > ==========
> >
> > There is no known workaround at this time.
> >
> > Resolution
> > ==========
> >
> > All xine-ui users should upgrade to the latest version:
> >
> >     # emerge --sync
> >     # emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.5_pre20060716"
> >
> > References
> > ==========
> >
> >   [ 1 ] CVE-2007-0254
> >         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0254
> >
> > Availability
> > ============
> >
> > This GLSA and any updates to it are available for viewing at
> > the Gentoo Security Website:
> >
> >   http://security.gentoo.org/glsa/glsa-200701-18.xml
> >
> > Concerns?
> > =========
> >
> > Security is a primary focus of Gentoo Linux and ensuring the
> > confidentiality and security of our users machines is of utmost
> > importance to us. Any security concerns should be addressed to
> > security () gentoo org or alternatively, you may file a bug at
> > http://bugs.gentoo.org.
> >
> > License
> > =======
> >
> > Copyright 2007 Gentoo Foundation, Inc; referenced text
> > belongs to its owner(s).
> >
> > The contents of this document are licensed under the
> > Creative Commons - Attribution / Share Alike license.
> >
> > http://creativecommons.org/licenses/by-sa/2.5
> >   
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --- End Message ---
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/