lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 26 Jun 2008 04:14:31 -0000
From: jplopezy@...il.com
To: bugtraq@...urityfocus.com
Subject: Rhythmbox Vulnerability

Application: Rhythmbox 0.11.5
OS: Linux - Ubuntu 8.04
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

Rhythmbox is a renowned player of mp3 files that comes bundled in ubuntu.
What makes this vulnerability so dangerous is that it comes as default in ubuntu
is quite possible that creating malicious file is opened with this player.

------------------------------------------------------
Vulnerability

The vulnerability works when a file of reproduction specially trained is created this causes the program to break.

Analyzing in more detail the failure with a debugger you can see the flaw in the segment but you cannot see precisely which function fails.

0x0844a767 in? ()

------------------------------------------------------
POC/EXPLOIT

For a proof of concept you should create a file with the extension of reproduction (pls) and put the following content.

[playlist]
X-GNOME-Title=
Title= A * 1475
NumberOfEntries=0

------------------------------------------------------
Juan Pablo Lopez Yacubian

Powered by blists - more mailing lists