Open Security Group Advisory #6
From: <c0ntex () open-security org>
Date: 17 Aug 2004 16:41:01 -0000
In May, Open Security Group started a media player security audit to drive out defects in popular media player code with the hope of helping secure our networks, machines and users from malicious attackers.
As the second stage of this project, I released an advisory on August 8th, 2004, regarding a new local && remote
Xine Media Player [www.xinehq.de] that will allow for an attacker to execute code on a Linux / UNIX machine running the
player. This vulnerability is very similar to the bug I found in MPlayer, details of which can be found at the
Sadly, I received the standard email from the Bugtraq mailing list stating that the message had not been actioned and as such was returned.... so I can't understand why my work ended up in the securityfocus.com vulnerability archive, yet it was not shared with the subscribing community. Selective information dissemination is not very helpful.
Now since this vulnerability is just as serious as the Mplayer bug, I can't see any good reason why this information should be withheld from the community any longer. Therefore, I am again hoping to rely on Bugtraq maintainers seeing fit to post my advisory to the community so that they too can benefit from having this important information.
Just in case this post does not adhere to the "securityfocus standard" which is... I have no idea.... I have also posted this message to the full-disclosure group.
My original Xine advisory can be found for your perusal at the following links:
Thanks and regards.
Open Security Group