[FFmpeg-devel] fateserver

Michael Niedermayer michael at niedermayer.cc
Sun Aug 8 13:07:43 EEST 2021


Hi all

On 8 Aug 2021 08:02:54 +0200 janne informed ffmpeg-security about an
arbitrary code execution vulnerability in the fateserver code in both
libav and ffmpeg.
From the log janne showed us, it was apparently used by someone yesterday
to attempt to run sudo.
I did shut down apache on fate.ffmpeg.org at about 8:45, so the fateserver is
offline and will stay so until the code is fixed.
On the ffmpeg side, it seems someone tried to use this to run
ls -la 
cat /etc/passwd 
uptime

long ago; so far I've not found any other traces nor any recent attempted use.

For both libav and ffmpeg the vulnerable code is offline, so I guess there's
no reason to keep this issue private.

Thanks

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope