Fwd: Burned by Mplayer heap overflow virus...
Lonni J Friedman
netllama
Tue Jun 27 18:45:33 PDT 2006
If you're not running the latest version of Mplayer, this should scare you....
---------- Forwarded message ----------
From: Mike Carney <mc-al34luc at sbcglobal.net>
Date: Jun 27, 2006 6:39 PM
Subject: Burned by Mplayer heap overflow virus...
To: fedora-list at redhat.com
FYI: I'm running 32bit FC5...
I hadn't updated my version of Mplayer in quite a while, and today I
think I got burned when I viewed the following video:
<Don't view this link!>
DONTCLICKONTHIShttp://clip.break.com/dnet/media/content/modelb52.wmv
<Don't view this link!/>
After loading the video, the image of the Mplayer skin on the screen
started to "rot" to solid black. I immediately SIGKILLed it, nuked my
home directory completely, and restored it from backup tapes. I nuked
my version of mplayer as well.
I googled "Mplayer virus" and saw that gentoo.org (and others) have
numerous reports of Mplayer heap overflow vulnerabilities, and
obviously someone has gone and created a media file that takes
advantage of them. The later versions of Mplayer have fixes for them.
I suppose I should be glad that this virus visually showed me something
was amiss. It's entirely possible that there are versions out there
that silently do much worse things. Perhaps I've already been burned
and don't know it.
Anyway, I wanted to warn folks about this problem and encourage them
to get/build the latest Mplayer with the fixes. You'll find that at
http://www.mplayerhq.hu/design7/news.html.
I also snagged a copy of this wmv file and I'd like to do some
forensics on it to figure out exactly what it caused my Mplayer to do,
above and beyond trashing the on-screen Mplayer skin. Any suggestions
on what tools would be useful for this? od(1) comes to mind. Also
rerunning the old mplayer under a sacrificial user account using
Electric Fence or under a debugger also comes to mind.
TIA.
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L. Friedman netllama at gmail.com
LlamaLand http://netllama.linux-sxs.org
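On the forensics question in the forwarded message: a .wmv file is an ASF container, so a first static pass beyond od(1) is to walk the ASF header objects and compare each declared size with the bytes actually present, without decoding anything. The sketch below is an added example, not part of the original thread or of MPlayer; `triage_asf` and `make_sample` are hypothetical names, the sample inputs are constructed, and it does not identify which MPlayer bug, if any, a given file exercises.

```python
import struct
import uuid

# ASF Header Object GUID in its on-disk (mixed-endian) byte order.
ASF_HEADER_GUID = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
OBJ_HDR = 24   # every ASF object: 16-byte GUID + 8-byte little-endian size
PREAMBLE = 30  # Header Object: GUID, size, object count (u32), 2 reserved bytes


def triage_asf(data: bytes) -> list:
    """Return structural anomalies found while walking the ASF header."""
    if len(data) < PREAMBLE or data[:16] != ASF_HEADER_GUID:
        return ["not an ASF file: header GUID missing"]
    findings = []
    hdr_size, declared = struct.unpack_from("<QI", data, 16)
    if hdr_size < PREAMBLE or hdr_size > len(data):
        findings.append(f"header size {hdr_size} does not fit {len(data)}-byte file")
        hdr_size = len(data)  # keep walking the bytes that really exist
    pos, walked = PREAMBLE, 0
    while pos + OBJ_HDR <= hdr_size:
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < OBJ_HDR:
            findings.append(f"{guid} at offset {pos}: size {size} below 24-byte minimum")
            break  # the next object cannot be located
        if pos + size > hdr_size:
            findings.append(f"{guid} at offset {pos}: size {size} runs past header end")
            break
        pos, walked = pos + size, walked + 1
    if walked != declared:
        findings.append(f"header declares {declared} objects, walked {walked}")
    return findings


def make_sample(claimed_sizes):
    """Constructed input: each object really occupies 32 bytes on disk."""
    body = b"".join(
        uuid.UUID(int=i + 1).bytes_le + struct.pack("<Q", claimed) + b"\0" * 8
        for i, claimed in enumerate(claimed_sizes))
    head = struct.pack("<QIBB", PREAMBLE + len(body), len(claimed_sizes), 1, 2)
    return ASF_HEADER_GUID + head + body


if __name__ == "__main__":
    for sizes in ([32, 32], [32, 0x10000], [8, 32]):
        print(sizes, triage_asf(make_sample(sizes)))
```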