List: bugtraq
Subject: Open Security Group Advisory #6
From: <c0ntex () open-security ! org>
Date: 2004-08-17 16:41:01
Message-ID: 20040817164101.25915.qmail () www ! securityfocus ! com
List,
In May, Open Security Group started a media player security audit to drive out defects in popular media player code with the hope of helping secure our networks, machines and users from malicious attackers.
As the second stage of this project, I released an advisory on August 8th, 2004, regarding a new local && remote vulnerability in Xine Media Player [www.xinehq.de] that will allow for an attacker to execute code on a Linux / UNIX machine running the player. This vulnerability is very similar to the bug I found in MPlayer, details of which can be found at the following links:
http://open-security.org/advisories/5
http://www.techworld.com/opsys/news/index.cfm?NewsID=2027
http://www.securityfocus.com/archive/1/367301/2004-06-23/2004-06-29/0
Sadly, I received the standard email from the Bugtraq mailing list stating that the message had not been actioned and as such was returned.... so I can't understand why my work ended up in the securityfocus.com vulnerability archive, yet it was not shared with the subscribing community. Selective information dissemination is not very helpful.
http://securityfocus.com/bid/10890/info/
Now since this vulnerability is just as serious as the MPlayer bug, I can't see any good reason why this information should be withheld from the community any longer. Therefore, I am again hoping to rely on Bugtraq maintainers seeing fit to post my advisory to the community so that they too can benefit from having this important information.
Just in case this post does not adhere to the "securityfocus standard" which is... I have no idea.... I have also posted this message to the full-disclosure group.
My original Xine advisory can be found for your perusal at the following links:
http://open-security.org/advisories/6
http://secunia.com/advisories/12194/
http://secwatch.org/advisories/1008390
http://xforce.iss.net/xforce/xfdb/16930
http://securiteam.com/unixfocus/5MP042KDPQ.html
http://packetstormsecurity.nl/filedesc/Xines_Mine.c.html
---
Thanks and regards.
c0ntex
Open Security Group
http://www.Open-Security.org