[MPlayer-users] Buffer Overflow in Mplayer v0.91 and prior
zimon at niksula.hut.fi
Mon Sep 1 00:36:28 CEST 2003
On Sun, Aug 31, 2003 at 05:37:39PM -0400, D Richard Felker III wrote:
> > Vulnerable Versions: Mplayer v0.91 and prior
> > Risk: Low / Medium
> > Impact: Stack Buffer Overflow
> > bash-2.05b$ gmplayer `perl -e 'print "A" x 550'`
> Umm, this advisory is incredibly stupid. How is it a vulnerability if
> you make mplayer (which runs as your uid) crash based on the filename
> *you* give it on the command line?!? If this can be done from
Some people do make mplayer SUID root, because they use for example
DirectFB-device, or DGA-device, or mplayer complains about RTC permissions
and user does not know how to set it up without suid root in /etc/sysctl.conf
There is warnings about this in DOCS/en/video.html though.
Also faq.html tells about RTC: "You need root privileges ...or"...then
it tells later "but requires root privileges, a setuid root MPlayer binary
or a properly set up kernel."
However, it does emphasize: "Note: NEVER install a setuid root MPlayer binary
on a multiuser system!"
So, the buffer smash exploit can be risky for some people who give access to
other people to their home-entertainment box, which uses DirectFB to show
movies on TV. Dropping privileges just after the device has been opened,
if it was suid root, at least would be a good idea, although it wouldn't solve
that mentioned stack overflow exploit in parameter parsing.
More information about the MPlayer-users