Re: Stack Buffer Overflow in MPlayer

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Stack Buffer Overflow in MPlayer
From: <gabucino@xxxxxxxxxxxx>
Date: Thu, 11 Sep 2003 10:06:36 +0200
In-reply-to: <20030831203745.25261.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20030831203745.25261.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.3.27i

CoKi wrote:
> -------------------------------------------------
> No System Group - Advisory #2 - 01/09/03
> -------------------------------------------------
> Program:  MPlayer - The Movie Player for Linux 
> Homepage:  http://www.mplayerhq.hu
> Vulnerable Versions: Mplayer v0.91 and prior
> Risk: Low / Medium
> Impact: Stack Buffer Overflow
> -------------------------------------------------
> 
> NOTE: The program 'gmplayer' isn't SUID by default.
A SUID MPlayer can be easily tricked to - like - overwrite /etc/shadow with
a new one, using very simple commandline options. One should *NEVER* set
MPlayer SUID root.

-- 
Gabucino
MPlayer Core Team

Attachment: pgpibDhJSHJ3Z.pgp
Description: PGP signature

Prev by Date: [RHSA-2003:273-01] Updated pine packages fix vulnerabilities
Next by Date: myPHPNuke : Copy/Upload/Include Files
Previous by thread: [RHSA-2003:273-01] Updated pine packages fix vulnerabilities
Next by thread: myPHPNuke : Copy/Upload/Include Files
Index(es):
- Date
- Thread