[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030911080636.GA900@woodstock.localdomain>
Date: Thu, 11 Sep 2003 10:06:36 +0200
From: <gabucino@...ayerhq.hu>
To: bugtraq@...urityfocus.com
Subject: Re: Stack Buffer Overflow in MPlayer
CoKi wrote:
> -------------------------------------------------
> No System Group - Advisory #2 - 01/09/03
> -------------------------------------------------
> Program: MPlayer - The Movie Player for Linux
> Homepage: http://www.mplayerhq.hu
> Vulnerable Versions: Mplayer v0.91 and prior
> Risk: Low / Medium
> Impact: Stack Buffer Overflow
> -------------------------------------------------
>
> NOTE: The program 'gmplayer' isn't SUID by default.
A SUID MPlayer can be easily tricked to - like - overwrite /etc/shadow with
a new one, using very simple commandline options. One should *NEVER* set
MPlayer SUID root.
--
Gabucino
MPlayer Core Team
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists