CERT-In Advisory CIAD-2006-45
Buffer Overflow vulnerabilities in Xine-lib Real Media, GnuPG and libgsf

Original issue date: December 06, 2006

Severity Rating: Medium

Systems Affected

  • Xine-lib version 1.1.2 and prior
  • GnuPG version 1.4.5 and prior
  • GnuPG version 2.0.0 and prior

Overview

Multiple vulnerabilities have been reported in Linux that could be exploited by remote attackers to execute arbitrary commands on the affected system or cause a denial of service.

Description

1. Xine-lib Real Media Remote Buffer Overflow Vulnerability (CVE-2006-6172)

A vulnerability has been reported in Xine-lib due to a memory corruption error in the asmrp_eval function (i.e., input/libreal/asmrp.c) of the Real Media input plugin. A remote attacker could exploit the vulnerability via a rulebook with a large number of rulematches to execute arbitrary commands or cause a denial of service.

2. GnuPG "ask_outfile_name()" Function Buffer Overflow Vulnerability

A vulnerability has been reported in GnuPG due to a boundary error in the "ask_outfile_name()" function in openfile.c, which does not validate the size and returns a string longer than expected. An attacker could exploit this vulnerability by creating and hosting a specially crafted web page and persuading a user to visit it, in order to execute arbitrary commands or cause a denial of service.
It may be noted that the vulnerability can be triggered in interactive mode. Batch mode is not affected.

3. GNOME Structured File Library "ole_info_read_metabat()" Buffer Overflow (CVE-2006-6161 - CVE-2006-4514)

A vulnerability has been reported in libgsf due to a boundary error within the "ole_info_read_metabat()" function in gsf/gsf-infile-msole.c. A remote attacker could exploit this vulnerability, when a specially crafted file is processed by an application using the library, to execute arbitrary commands or cause a denial of service.
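
Added example (not code from xine-lib or from this advisory): a simplified C model of the fault class in item 1, where a rulebook with many rulematches drives writes into a fixed-size match array, shown beside a bounds-checked form. The array capacity, the function names and the rulebook representation are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_MATCHES 16  /* assumed capacity, not taken from xine-lib */

/* Unsafe pattern: every matching rule is appended and the input alone decides
 * how far the writes go; the destination size is never consulted. */
size_t collect_matches_unchecked(const unsigned char *hit, size_t n_rules,
                                 int *matches)
{
    size_t n = 0;
    for (size_t i = 0; i < n_rules; i++)
        if (hit[i])
            matches[n++] = (int)i;  /* out of bounds once n reaches the array size */
    return n;
}

/* Hardened pattern: the caller passes the capacity and a rulebook with more
 * matches than fit is rejected. Returns 0 on success, -1 on too many matches. */
int collect_matches_checked(const unsigned char *hit, size_t n_rules,
                            int *matches, size_t cap, size_t *n_out)
{
    size_t n = 0;
    int rc = 0;
    for (size_t i = 0; i < n_rules && rc == 0; i++) {
        if (!hit[i]) continue;
        if (n >= cap) rc = -1;      /* refuse instead of writing past the end */
        else matches[n++] = (int)i;
    }
    *n_out = n;
    return rc;
}

/* Constructed rulebook: the first n_hits of n_rules rules match. */
int demo(size_t n_rules, size_t n_hits, size_t *stored)
{
    unsigned char hit[64] = {0};
    int matches[MAX_MATCHES];
    if (n_rules > sizeof hit) return -2;
    for (size_t i = 0; i < n_hits && i < n_rules; i++) hit[i] = 1;
    return collect_matches_checked(hit, n_rules, matches, MAX_MATCHES, stored);
}

int main(void)
{
    size_t n = 0;
    int rc = demo(64, 40, &n);      /* 40 matches against a 16-slot array */
    printf("status=%d stored=%zu\n", rc, n);
    return 0;
}
```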

Solution

Apply the appropriate patches suggested by the vendor.

Vendor Information

http://xinehq.de/index.php/releases

References

FrSIRT
http://www.frsirt.com/english/advisories/2006/4824
http://www.frsirt.com/english/advisories/2006/4736
http://www.frsirt.com/english/advisories/2006/4784

Secunia
http://secunia.com/advisories/23249/
http://secunia.com/advisories/23094
http://secunia.com/advisories/23164

Security Focus
http://www.securityfocus.com/archive/1/453474

Securitytracker
http://securitytracker.com/alerts/2006/Nov/1017291.html

Sourceforge
http://sourceforge.net/project/shownotes.php?release_id=468432

CVE Name
CVE-2006-6172
CVE-2006-6169

CVE-2006-4514
CVE-2006-6161

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003