Bugtraq mailing list archives

Re: Local/remote mpg123 exploit

From: Gabucino <gabucino () mplayerhq hu>
Date: Sat, 18 Jan 2003 19:06:51 +0100

mplayer (www.mplayerhq.org)

Gobbles must have been so busy coding a "robust exploit" for our
software that they forgot the URL of our site: http://www.mplayerhq.hu

1) If you participate in illegal file-sharing networks, your
computer now belongs to the RIAA.

Although I like smiling over funny emails, we'd be more pleased if
a real vulnerability would be disclosed in our code - we don't do
security audits, nor do we have interest and time for it.

On to the topic, as far as I know we are NOT vulnerable to this
particular exploit. Our "mp3lib" was indeed forked from certain parts
of mpg123 years ago, but since then the code was optimized so much,
I highly doubt it resembles the current mpg123 codebase at all.

-- 
Gabucino
MPlayer Core Team

Attachment: _bin
Description:

Current thread:

Re: Local/remote mpg123 exploit Benjamin Tober (Jan 16)
- Re[2]: Local/remote mpg123 exploit 3APA3A (Jan 17)
- Re: Local/remote mpg123 exploit Gabucino (Jan 21)
- <Possible follow-ups>
- Local/remote mpg123 exploit gobbles (Jan 21)
  - Re: Local/remote mpg123 exploit 3APA3A (Jan 16)
  - Re: Local/remote mpg123 exploit Daniel Kobras (Jan 17)