Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1951

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1951
Last Modified 05 Sep 2008 04:42:47
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1951

Summary

xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

Vulnerable Systems

Application

  • Xine 0.9.13

  • Xine 0.9.8

  • Xine 1 Beta1

  • Xine 1 Beta10

  • Xine 1 Beta11

  • Xine 1 Beta12

  • Xine 1 Beta2

  • Xine 1 Beta3

  • Xine 1 Beta4

  • Xine 1 Beta5

  • Xine 1 Beta6

  • Xine 1 Beta7

  • Xine 1 Beta8

  • Xine 1 Beta9

  • Xine 1 Rc0a

  • Xine 1 Rc1

  • Xine 1 Rc2

  • Xine 1 Rc3

  • Xine 1 Rc3a

  • Xine 1 Rc3b

  • Xine-lib 1 Rc2

  • Xine-lib 1 Rc3a

  • Xine-lib 1 Rc3b

  • Xine-lib 1 Rc3c

  • Xine-ui 0.9.21

  • Xine-ui 0.9.22

  • Xine-ui 0.9.23


References

BID - 10193

GENTOO - GLSA-200404-20

XF - xine-mrl-file-overwrite(15939)

CONFIRM - http://www.xinehq.de/index.php/security/XSA-2004-2

CONFIRM - http://www.xinehq.de/index.php/security/XSA-2004-1

SLACKWARE - SSA:2004-111

SECUNIA - 11433

OSVDB - 5739

OSVDB - 5594


Last Updated: 27 May 2016 10:39:14