FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xine-lib arbitrary file overwrite

Affected packages
0.9 < libxine < 1.0.r3_5

Details

VuXML ID e50b04e8-9c55-11d8-9366-0020ed76ef5a
Discovery 2004-04-20
Entry 2004-05-02

From the xinehq advisory:

By opening a malicious MRL in any xine-lib based media player, an attacker can write arbitrary content to an arbitrary file, only restricted by the permissions of the user running the application.

The flaw is a result of a feature that allows MRLs (media resource locator URIs) to specify arbitrary configuration options.

References

Bugtraq ID 10193
URL http://www.xinehq.de/index.php/security/XSA-2004-1