|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Stack Buffer Overflow in MPlayer
gabucino
mplayerhq.hu
Date: Thu Sep 11 2003 - 03:06:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
CoKi wrote:
> -------------------------------------------------
> No System Group - Advisory #2 - 01/09/03
> -------------------------------------------------
> Program: MPlayer - The Movie Player for Linux
> Homepage: http://www.mplayerhq.hu
> Vulnerable Versions: Mplayer v0.91 and prior
> Risk: Low / Medium
> Impact: Stack Buffer Overflow
> -------------------------------------------------
>
> NOTE: The program 'gmplayer' isn't SUID by default.
A SUID MPlayer can be easily tricked to - like - overwrite /etc/shadow with
a new one, using very simple commandline options. One should *NEVER* set
MPlayer SUID root.
--
Gabucino
MPlayer Core Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/YC0MAq6GhkS0XDcRAizXAJ9WUn1R7cJKPGWdRxen0uP9cE5DiACbByxk
xdR5qYywafDQGyO33qvhYio=
=8IZ2
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]