Test ID:	1.3.6.1.4.1.25623.1.0.53053
Category:	Turbolinux Local Security Tests
Title:	Turbolinux TLSA-2005-65 (xine-lib)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to xine-lib announced via advisory TLSA-2005-65. The xine engine is a free media player engine. It comes in the form of a shared libarary and is typically used by media player frontends and other multimedia applications for playback of multimedia streams such as movies, radio/tv network streams, DVDs, VCDs. Multiple heap-based buffer overflows vulnerabilities exist in the handling of MMS over TCP (MMST) streams or RealMedia RTSP streams in xine-lib. These vulnerabilities may allow attackers to execute arbitrary code via malformed multimedia files. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-65 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1195 BugTraq ID: 13271 http://www.securityfocus.com/bid/13271 Bugtraq: 20050421 [PLSN-0003] - Remote exploits in MPlayer (Google Search) http://www.securityfocus.com/archive/1/396703 Bugtraq: 20050421 xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients (Google Search) http://seclists.org/lists/bugtraq/2005/Apr/0337.html http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml http://www.osvdb.org/15711 http://www.osvdb.org/15712 http://securitytracker.com/id?1013771 http://secunia.com/advisories/15014 XForce ISS Database: mplayer-mmst-stream-bo(20175) https://exchange.xforce.ibmcloud.com/vulnerabilities/20175 XForce ISS Database: mplayer-rtsp-stream-bo(20171) https://exchange.xforce.ibmcloud.com/vulnerabilities/20171
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.