LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: XMMS vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Sven Krewitt of Secunia Research discovered that XMMS did not correctly handle BMP images when loading GUI skins. If a user were tricked into loading a specially crafted skin, a remote attacker could execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-445-1             March 27, 2007
xmms vulnerabilities
CVE-2007-0653, CVE-2007-0654
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  xmms                                     1.2.10+cvs20050209-2ubuntu2.1

Ubuntu 6.06 LTS:
  xmms                                     1.2.10+cvs20050809-4ubuntu5.1

Ubuntu 6.10:
  xmms                                     1.2.10+cvs20060429-1ubuntu2.1

After a standard system upgrade you need to restart XMMS or reboot your 
computer to effect the necessary changes.

Details follow:

Sven Krewitt of Secunia Research discovered that XMMS did not correctly 
handle BMP images when loading GUI skins.  If a user were tricked into 
loading a specially crafted skin, a remote attacker could execute 
arbitrary code with user privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050209-2ubuntu2.1.diff.gz
      Size/MD5:   333129 72ef83d4f52b41558ed91841ddb3b981
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050209-2ubuntu2.1.dsc
      Size/MD5:     1045 8b3d745ea4c9fc0e1db52d015c5613c3
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050209.orig.tar.gz
      Size/MD5:  2796215 ec03ce185b2fd255d58ef5d2267024eb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2ubuntu2.1_amd64.deb
      Size/MD5:    38878 02123da5ed2da81adcaf8b3dd1380506
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050209-2ubuntu2.1_amd64.deb
      Size/MD5:  1095122 5dd89b588b95cc209fb044390efe5289

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2ubuntu2.1_i386.deb
      Size/MD5:    32860 b49614977d707df3753028dbac5e7d27
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050209-2ubuntu2.1_i386.deb
      Size/MD5:  1001796 d8a97ce8caae0d71701a4b884e5970bb

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2ubuntu2.1_powerpc.deb
      Size/MD5:    38072 0db4136bbeaa8a3ff7f387a2f6320c07
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050209-2ubuntu2.1_powerpc.deb
      Size/MD5:  1133132 93cf5da1ff18a848d854029ad9ec2696

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2ubuntu2.1_sparc.deb
      Size/MD5:    34968 140189e295996eee72023777d137066f
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050209-2ubuntu2.1_sparc.deb
      Size/MD5:  1062062 d1775f3f095dc03a37ab9ded4b768c6f

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050809-4ubuntu5.1.diff.gz
      Size/MD5:   191006 337e790c81d113b8385da0d649123f0e
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050809-4ubuntu5.1.dsc
      Size/MD5:      980 a3934c8b60f5810560c2073026f2172e
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050809.orig.tar.gz
      Size/MD5:  2798937 f60b948a5394a69b04195c22c9c75a89

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20050809-4ubuntu5.1_amd64.deb
      Size/MD5:    38904 de7338cb9e157756a1475f16d1de3d3f
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050809-4ubuntu5.1_amd64.deb
      Size/MD5:  1158938 4f0d080b8aa8732f674a2cfe6c97b1d2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20050809-4ubuntu5.1_i386.deb
      Size/MD5:    32946 16d93ac5daa9da11d4f7dc80dcaea4e9
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050809-4ubuntu5.1_i386.deb
      Size/MD5:  1052896 aad130a721051fc69c8a9a6643832019

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20050809-4ubuntu5.1_powerpc.deb
      Size/MD5:    38012 99027515643537182a3e8910945b960b
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050809-4ubuntu5.1_powerpc.deb
      Size/MD5:  1193394 521f3148224f6f96643faf5ab7d96506

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20050809-4ubuntu5.1_sparc.deb
      Size/MD5:    35108 8cc7b915ee91b2020d144e3358052d50
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20050809-4ubuntu5.1_sparc.deb
      Size/MD5:  1127786 3ec068038288108506ee3767cd41cd59

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060429-1ubuntu2.1.diff.gz
      Size/MD5:   194003 36a8a27753ac35ce35d76697a272855b
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060429-1ubuntu2.1.dsc
      Size/MD5:      992 d97a5a09fc238c29c59b8b233644df99
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060429.orig.tar.gz
      Size/MD5:  6124267 15710911fae50a8a986b10be07c1951f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20060429-1ubuntu2.1_amd64.deb
      Size/MD5:    39202 848a0574bed3305350e4d71f4f11857d
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060429-1ubuntu2.1_amd64.deb
      Size/MD5:  1219410 50ab3c73a23647f57a3b6748c4c2c1b0

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20060429-1ubuntu2.1_i386.deb
      Size/MD5:    33784 1e15c6b47b7287153bd7dd729c165613
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060429-1ubuntu2.1_i386.deb
      Size/MD5:  1110970 321668eae4d53449f1269116540bc7ca

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20060429-1ubuntu2.1_powerpc.deb
      Size/MD5:    38034 9a1bbb7aaa9b23337d0bc093ae461ef6
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060429-1ubuntu2.1_powerpc.deb
      Size/MD5:  1322454 e124ffd6707b35afb141573b638aaaa4

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms-dev_1.2.10+cvs20060429-1ubuntu2.1_sparc.deb
      Size/MD5:    35460 72bef6d6e03c9009043badb9db627101
    http://security.ubuntu.com/ubuntu/pool/main/x/xmms/xmms_1.2.10+cvs20060429-1ubuntu2.1_sparc.deb
      Size/MD5:  1191882 491d7e1c78a200d57e7d51cc2b51a0ed


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
The Hacktivist as Angry Young Man
The Hacker Wars Hits NYC
CAINE Linux Distribution Helps Investigators With Forensic Analysis
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.