[MPlayer-users] Buffer Overflow in Mplayer v0.91 and prior
Joonas Koivunen
rzei at mbnet.fi
Sun Aug 31 23:33:20 CEST 2003
On Monday 01 September 2003 00:37, D Richard Felker III wrote:
> > bash-2.05b$ gmplayer `perl -e 'print "A" x 550'`
>
> Umm, this advisory is incredibly stupid. How is it a vulnerability if
> you make mplayer (which runs as your uid) crash based on the filename
> *you* give it on the command line?!? If this can be done from
> playlists, then maybe it's a vulnerability, but this advisory doesn't
> even address that.
>
> Rich
Well what if someone gains access on a system where gmplayer ran with SUID,
wouldn't it be possible to gain root shell via this exploit?
-rzei
More information about the MPlayer-users
mailing list