CVE-2014-3800

NameCVE-2014-3800
DescriptionXBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs747428

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xbmc (PTS)jessie2:13.2+dfsg1-4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xbmcsource(unstable)2:13.2+dfsg1-5low747428

Notes

Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
[jessie] - xbmc <no-dsa> (Minor issue)
[wheezy] - xbmc <no-dsa> (Minor issue)
http://trac.xbmc.org/ticket/15198

Search for package or bug name: Reporting problems