Bugtraq: Re: Stack Buffer Overflow in MPlayer

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Stack Buffer Overflow in MPlayer

From: <gabucino () mplayerhq hu>
Date: Thu, 11 Sep 2003 10:06:36 +0200

CoKi wrote:

-------------------------------------------------
No System Group - Advisory #2 - 01/09/03
-------------------------------------------------
Program:  MPlayer - The Movie Player for Linux 
Homepage:  http://www.mplayerhq.hu
Vulnerable Versions: Mplayer v0.91 and prior
Risk: Low / Medium
Impact: Stack Buffer Overflow
-------------------------------------------------

NOTE: The program 'gmplayer' isn't SUID by default.

A SUID MPlayer can be easily tricked to - like - overwrite /etc/shadow with
a new one, using very simple commandline options. One should *NEVER* set
MPlayer SUID root.

-- 
Gabucino
MPlayer Core Team

Attachment: _bin
Description:

By Date By Thread

Current thread:

Stack Buffer Overflow in MPlayer CoKi (Sep 02)
- Re: Stack Buffer Overflow in MPlayer gabucino (Sep 11)