Bugtraq mailing list archives
Re: Stack Buffer Overflow in MPlayer
From: <gabucino () mplayerhq hu>
Date: Thu, 11 Sep 2003 10:06:36 +0200
CoKi wrote:
------------------------------------------------- No System Group - Advisory #2 - 01/09/03 ------------------------------------------------- Program: MPlayer - The Movie Player for Linux Homepage: http://www.mplayerhq.hu Vulnerable Versions: Mplayer v0.91 and prior Risk: Low / Medium Impact: Stack Buffer Overflow ------------------------------------------------- NOTE: The program 'gmplayer' isn't SUID by default.
A SUID MPlayer can be easily tricked to - like - overwrite /etc/shadow with a new one, using very simple commandline options. One should *NEVER* set MPlayer SUID root. -- Gabucino MPlayer Core Team
Attachment:
_bin
Description:
Current thread:
- Stack Buffer Overflow in MPlayer CoKi (Sep 02)
- Re: Stack Buffer Overflow in MPlayer gabucino (Sep 11)