Rhythmbox Vulnerability

2008.06.28
Credit: jplopezy
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Brak
Wpływ na dostępność: Częściowy

Application: Rhythmbox 0.11.5 OS: Linux - Ubuntu 8.04 ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description Rhythmbox is a renowned player of mp3 files that comes bundled in ubuntu. What makes this vulnerability so dangerous is that it comes as default in ubuntu is quite possible that creating malicious file is opened with this player. ------------------------------------------------------ Vulnerability The vulnerability works when a file of reproduction specially trained is created this causes the program to break. Analyzing in more detail the failure with a debugger you can see the flaw in the segment but you cannot see precisely which function fails. 0x0844a767 in? () ------------------------------------------------------ POC/EXPLOIT For a proof of concept you should create a file with the extension of reproduction (pls) and put the following content. [playlist] X-GNOME-Title= Title= A * 1475 NumberOfEntries=0 ------------------------------------------------------ Juan Pablo Lopez Yacubian

Referencje:

http://xforce.iss.net/xforce/xfdb/43436
http://www.securityfocus.com/bid/29958
http://www.securityfocus.com/archive/1/archive/1/493809/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/493683/100/0/threaded
http://packetstormsecurity.org/0806-advisories/rhythmbox-dos.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top