[31559] in bugtraq
Re: Stack Buffer Overflow in MPlayer
daemon@ATHENA.MIT.EDU (gabucino@mplayerhq.hu)
Thu Sep 11 12:42:33 2003
Date: Thu, 11 Sep 2003 10:06:36 +0200
To: bugtraq@securityfocus.com
Message-ID: <20030911080636.GA900@woodstock.localdomain>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="RnlQjJ0d97Da+TV1"
Content-Disposition: inline
In-Reply-To: <20030831203745.25261.qmail@sf-www2-symnsj.securityfocus.com>
From: <gabucino@mplayerhq.hu>
--RnlQjJ0d97Da+TV1
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
CoKi wrote:
> -------------------------------------------------
> No System Group - Advisory #2 - 01/09/03
> -------------------------------------------------
> Program: MPlayer - The Movie Player for Linux=20
> Homepage: http://www.mplayerhq.hu
> Vulnerable Versions: Mplayer v0.91 and prior
> Risk: Low / Medium
> Impact: Stack Buffer Overflow
> -------------------------------------------------
>=20
> NOTE: The program 'gmplayer' isn't SUID by default.
A SUID MPlayer can be easily tricked to - like - overwrite /etc/shadow with
a new one, using very simple commandline options. One should *NEVER* set
MPlayer SUID root.
--=20
Gabucino
MPlayer Core Team
--RnlQjJ0d97Da+TV1
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/YC0MAq6GhkS0XDcRAizXAJ9WUn1R7cJKPGWdRxen0uP9cE5DiACbByxk
xdR5qYywafDQGyO33qvhYio=
=8IZ2
-----END PGP SIGNATURE-----
--RnlQjJ0d97Da+TV1--
