Remotely-exploitable missing-format-string vulnerability in some message dialogue boxes
Bug #907 reported by
Jorge Bernal
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gxine (Ubuntu) |
Fix Released
|
High
|
Jorge Bernal | ||
Bug Description
Exworm discovered that gxine insecurely implements formatted printing
in the hostname decoding function.
A remote attacker could entice a user to open a carefully crafted file
with gxine, possibly leading to the execution of arbitrary code.
Description
===========
Exworm discovered that gxine insecurely implements formatted printing
in the hostname decoding function.
Impact
======
A remote attacker could entice a user to open a carefully crafted file
with gxine, possibly leading to the execution of arbitrary code.
Revision history for this message
| Jorge Bernal (koke) wrote Debdiff to fix it | #1 |
| summary: |
- Description - =========== - Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. - Impact - ====== - A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the execution of arbitrary code. |
| Changed in gxine: | |
| assignee: | nobody → koke |
| status: | New → Accepted |
| Changed in gxine: | |
| status: | Accepted → Fixed |
To post a comment you must log in.
diff -u gxine-0.
--- gxine-0.
+++ gxine-0.
@@ -1,3 +1,13 @@
+gxine (0.4.1-1ubuntu0.1) hoary-security; urgency=high
+
+ * SECURITY UPDATE: fix remotely exploitable missing format string.
+ * src/utils.c: use format string to avoid arbitrary code execution.
+ * References:
+ CAN-2005-1692
+ http://
+
+ -- Jorge Bernal <email address hidden> Sat, 4 Jun 2005 01:01:01 +0200
+
gxine (0.4.1-1) unstable; urgency=high
* New upstream release.
only in patch2:
unchanged:
--- gxine-0.
+++ gxine-0.
@@ -159,7 +159,7 @@
va_end (ap);
dialog = gtk_message_
- GTK_BUTTONS_CLOSE, msg);
+ GTK_BUTTONS_CLOSE, "%s", msg);
gtk_
gtk_