[28528] in bugtraq
Re: Local/remote mpg123 exploit
daemon@ATHENA.MIT.EDU (Gabucino)
Tue Jan 21 13:31:02 2003
Date: Sat, 18 Jan 2003 19:06:51 +0100
From: Gabucino <gabucino@mplayerhq.hu>
To: bugtraq@securityfocus.com
Message-ID: <20030118180651.GA4255@woodstock.localdomain>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="82I3+IH0IqGh5yIs"
Content-Disposition: inline
In-Reply-To: <20030115081624.5633.qmail@www.securityfocus.com>
--82I3+IH0IqGh5yIs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
> mplayer (www.mplayerhq.org)
Gobbles must have been so busy coding a "robust exploit" for our
software that they forgot the URL of our site: http://www.mplayerhq.hu
> 1) If you participate in illegal file-sharing networks, your
> computer now belongs to the RIAA.
Although I like smiling over funny emails, we'd be more pleased if
a real vulnerability would be disclosed in our code - we don't do
security audits, nor do we have interest and time for it.
On to the topic, as far as I know we are NOT vulnerable to this
particular exploit. Our "mp3lib" was indeed forked from certain parts
of mpg123 years ago, but since then the code was optimized so much,
I highly doubt it resembles the current mpg123 codebase at all.
--=20
Gabucino
MPlayer Core Team
--82I3+IH0IqGh5yIs
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+KZe7Aq6GhkS0XDcRAjPjAJ9R9zrjAyU7kRSTkVkU/9nzYp/h4gCeL4XX
xLBc45MpD2VSzjf0gFGK4oM=
=e9Jt
-----END PGP SIGNATURE-----
--82I3+IH0IqGh5yIs--
