Remotely-exploitable missing-format-string vulnerability in some message dialogue boxes
Bug #907 reported by Jorge Bernal
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gxine (Ubuntu) | Fix Released | High | Jorge Bernal | | |
Bug Description
Exworm discovered that gxine insecurely implements formatted printing
in the hostname decoding function.
A remote attacker could entice a user to open a carefully crafted file
with gxine, possibly leading to the execution of arbitrary code.
Description
===========
Exworm discovered that gxine insecurely implements formatted printing
in the hostname decoding function.
Impact
======
A remote attacker could entice a user to open a carefully crafted file
with gxine, possibly leading to the execution of arbitrary code.
Changed in gxine: | |
status: | Accepted → Fixed |
diff -u gxine-0. 4.1/debian/ changelog gxine-0. 4.1/debian/ changelog 4.1/debian/ changelog 4.1/debian/ changelog bugs.debian. org/310712
--- gxine-0.
+++ gxine-0.
@@ -1,3 +1,13 @@
+gxine (0.4.1-1ubuntu0.1) hoary-security; urgency=high
+
+ * SECURITY UPDATE: fix remotely exploitable missing format string.
+ * src/utils.c: use format string to avoid arbitrary code execution.
+ * References:
+ CAN-2005-1692
+ http://
+
+ -- Jorge Bernal <email address hidden> Sat, 4 Jun 2005 01:01:01 +0200
+
gxine (0.4.1-1) unstable; urgency=high
* New upstream release. 4.1.orig/ src/utils. c 4.1/src/ utils.c
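Review bot: The References block in the new changelog entry ends in a bare `http://` with no host or path, so as shown the only usable pointer for tracing this fix is CAN-2005-1692; the full advisory or bug URL should be on that line. The `src/utils.c` bullet would also be easier to audit if it named the function whose dialog call was changed, since "use format string" alone does not say which call site was affected.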
only in patch2:
unchanged:
--- gxine-0.
+++ gxine-0.
@@ -159,7 +159,7 @@
va_end (ap);
dialog = gtk_message_ dialog_ new (NULL, GTK_DIALOG_ DESTROY_ WITH_PARENT, type, window_ set_title (GTK_WINDOW (dialog), title); window_ set_position (GTK_WINDOW (dialog), GTK_WIN_ POS_CENTER) ;
- GTK_BUTTONS_CLOSE, msg);
+ GTK_BUTTONS_CLOSE, "%s", msg);
gtk_
gtk_
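Review bot: The changed `GTK_BUTTONS_CLOSE, "%s", msg);` line corrects this one gtk_message_dialog_new call, but nothing in the patch covers other call sites that might pass a prebuilt string as the format argument. The `va_end (ap);` context line suggests msg has already been through one round of formatting before it reaches the dialog, so any other helper that follows the same build-then-print pattern would be exposed in the same way. Suggest auditing the remaining printf-style calls in src/utils.c and building with -Wformat -Wformat-security, so that a non-literal format string with no arguments is flagged at compile time.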