Test ID:	1.3.6.1.4.1.25623.1.0.53707
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 477-1 (xine-ui)
Summary:	The remote host is missing an update to xine-ui;announced via advisory DSA 477-1.
Description:	Summary: The remote host is missing an update to xine-ui announced via advisory DSA 477-1. Vulnerability Insight: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine. This update also removes the bug reporting facility since bug reports can't be processed upstream anymore. For the stable distribution (woody) this problem has been fixed in version 0.9.8-5. For the unstable distribution (sid) this problem will be fixed soon. Solution: We recommend that you upgrade your xine-ui package. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0372 BugTraq ID: 9939 http://www.securityfocus.com/bid/9939 Bugtraq: 20040320 xine-check/xine-bugreport symlink vulnerability. (Google Search) http://marc.info/?l=bugtraq&m=107997911025558&w=2 Debian Security Information: DSA-477 (Google Search) http://www.debian.org/security/2004/dsa-477 http://security.gentoo.org/glsa/glsa-200404-20.xml XForce ISS Database: xine-xinebugreport-xinecheck-symlink(15564) https://exchange.xforce.ibmcloud.com/vulnerabilities/15564
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.