CoKi wrote: > ------------------------------------------------- > No System Group - Advisory #2 - 01/09/03 > ------------------------------------------------- > Program: MPlayer - The Movie Player for Linux > Homepage: http://www.mplayerhq.hu > Vulnerable Versions: Mplayer v0.91 and prior > Risk: Low / Medium > Impact: Stack Buffer Overflow > ------------------------------------------------- > > NOTE: The program 'gmplayer' isn't SUID by default. A SUID MPlayer can be easily tricked to - like - overwrite /etc/shadow with a new one, using very simple commandline options. One should *NEVER* set MPlayer SUID root. -- Gabucino MPlayer Core Team
Attachment:
pgpibDhJSHJ3Z.pgp
Description: PGP signature