[MPlayer-users] Buffer Overflow in Mplayer v0.91 and prior

Joonas Koivunen rzei at mbnet.fi
Sun Aug 31 23:33:20 CEST 2003


On Monday 01 September 2003 00:37, D Richard Felker III wrote:
> > bash-2.05b$ gmplayer `perl -e 'print "A" x 550'`
>
> Umm, this advisory is incredibly stupid. How is it a vulnerability if
> you make mplayer (which runs as your uid) crash based on the filename
> *you* give it on the command line?!? If this can be done from
> playlists, then maybe it's a vulnerability, but this advisory doesn't
> even address that.
>
> Rich

Well, what if someone gains access on a system where gmplayer ran with SUID,
wouldn't it be possible to gain a root shell via this exploit?

-rzei


