漏洞信息详情
XMMS皮肤文件整数溢出漏洞
- CNNVD编号:CNNVD-200703-514
- 危害等级: 中危
- CVE编号: CVE-2007-0654
- 漏洞类型: 缓冲区溢出
- 发布时间: 2007-03-21
- 威胁类型: 远程
- 更新时间: 2007-03-23
- 厂 商: x_multimedia_system
- 漏洞来源: Sven Krewitt
漏洞简介
XMMS是unix系统上的多媒体播放器,支持多种文件格式。 XMMS在处理皮肤位图图形时存在多个整数溢出漏洞,如果用户受骗加载了包含有特制头信息的皮肤文件的话,就会触发栈溢出或内存破坏,导致执行任意指令。
漏洞公告
厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1277-1)以及相应补丁:
DSA-1277-1:New XMMS packages fix arbitrary code execution
链接: http://www.debian.org/security/2007/dsa-1277
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1.diff.gz
Size/MD5 checksum: 333600 8d25c5173ec7d94d0db9f92b418610ce
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209.orig.tar.gz
Size/MD5 checksum: 2796215 ec03ce185b2fd255d58ef5d2267024eb
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1.dsc
Size/MD5 checksum: 1065 d03e55ebe9c6a5ba2337d5f3542bc883
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_alpha.deb
Size/MD5 checksum: 2700990 aa024afc093e8f415b19d783e39b81c0
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_alpha.deb
Size/MD5 checksum: 48766 5fd631196c28fd44df02ecf25ab9c676
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_amd64.deb
Size/MD5 checksum: 2434966 5c10a5a20aa5329b1c120cef213ef164
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_amd64.deb
Size/MD5 checksum: 37810 06a82b2325505c9e30e4b7d9c6a17ffe
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_arm.deb
Size/MD5 checksum: 2396722 fcead4025c4743996a4c307a003377df
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_arm.deb
Size/MD5 checksum: 35376 e4f630de7290d4141964cc6ae8758ac4
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_hppa.deb
Size/MD5 checksum: 2585550 c73dd34f37131785adcf699e65b55ac3
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_hppa.deb
Size/MD5 checksum: 40834 90fe696e1dee1d694cd8148ac83a6b88
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_i386.deb
Size/MD5 checksum: 33842 52fef7c2ef6a73f329d18b4df43ee6e5
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_i386.deb
Size/MD5 checksum: 2395578 c0a4c275b67ce3bc166128cd4c1fa747
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_ia64.deb
Size/MD5 checksum: 2717624 e7d9b41eda0f4b32c3bba2c2dff15fc1
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_ia64.deb
Size/MD5 checksum: 48220 28fef757212bef0da7ed46bec7e76740
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_m68k.deb
Size/MD5 checksum: 2315470 1a93ec2577d2a79b9b645003e1d22a03
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_m68k.deb
Size/MD5 checksum: 31624 30bd86c18e943f3a93a983a63c2c1fb7
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_mips.deb
Size/MD5 checksum: 2412762 e340f997cfbbe0ef8ef50f78b5ec5d71
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_mips.deb
Size/MD5 checksum: 40580 698dfcf5c909de3a955f6337fb23e425
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_mipsel.deb
Size/MD5 checksum: 2391432 b2ef3697588a72e735f5caa02593d1b7
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_mipsel.deb
Size/MD5 checksum: 40516 10443e075a1f4840d4de22f2dcfc355b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_powerpc.deb
Size/MD5 checksum: 36946 057d90024cae6e6a0fdfa2d0de666134
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_powerpc.deb
Size/MD5 checksum: 2487280 e0571a0993112c79d6751509e548193d
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_s390.deb
Size/MD5 checksum: 2430886 2cc8a1371309b973c1f963a93fc58a80
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_s390.deb
Size/MD5 checksum: 37424 3e6eb798d0a7a6137fbb1ad1a961da75
sparc architecture (Sun SPARC/UltraSPARC)
参考网址
来源: BID 名称: 23078 链接:http://www.securityfocus.com/bid/23078 来源: VUPEN 名称: ADV-2007-1057 链接:http://www.frsirt.com/english/advisories/2007/1057 来源: MISC 链接:http://secunia.com/secunia_research/2007-47/advisory/ 来源: SECUNIA 名称: 23986 链接:http://secunia.com/advisories/23986 来源: XF 名称: xmms-skinbitmap-bo(33203) 链接:http://xforce.iss.net/xforce/xfdb/33203 来源: UBUNTU 名称: USN-445-1 链接:http://www.ubuntu.com/usn/usn-445-1 来源: BUGTRAQ 名称: 20070321 Secunia Research: XMMS Integer Overflow and UnderflowVulnerabilities 链接:http://www.securityfocus.com/archive/1/archive/1/463408/100/0/threaded 来源: SUSE 名称: SUSE-SR:2007:006 链接:http://www.novell.com/linux/security/advisories/2007_6_sr.HTML 来源: MANDRIVA 名称: MDKSA-2007:071 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:071 来源: DEBIAN 名称: DSA-1277 链接:http://www.debian.org/security/2007/dsa-1277 来源: SECUNIA 名称: 24889 链接:http://secunia.com/advisories/24889 来源: SECUNIA 名称: 24804 链接:http://secunia.com/advisories/24804 来源: SECUNIA 名称: 24645 链接:http://secunia.com/advisories/24645 来源: MANDRIVA 名称: MDKSA-2007:071 链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:071
受影响实体
- X_multimedia_system X_multimedia_system:1.2.10
补丁
暂无
评论