Mailing List del Fortunae LUG ============================= Sempre sull'argomento Gobbles. Colgo l'occasione per ritirare quello che ho detto, evidentemente non ho capito un accidente di loro. ----- Forwarded message from Rain Forest Puppy <rfp@xxxxxxxxxxxxx> ----- From: Rain Forest Puppy <rfp@xxxxxxxxxxxxx> To: vulnwatch@xxxxxxxxxxxxx Subject: [VulnWatch] Followup to Gobbles post Date: Wed, 15 Jan 2003 17:02:01 +0000 (GMT) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Some of you have written in wondering if the Gobbles post was a hoax or not. Skipping past all the RIAA stuff (I can't exactly confirm any of that), there is still the issue of a buffer overflow in mpg123 version 0.59s. That *is* real, and so is the exploit that is attached (which, if successful in exploitation, will run 'rm -rf ~'). So yes, there is a mpg123 vulnerability in the latest development version (which some linux distros ship). The latest stable version (0.59r) seems to be OK for the moment. As for the 'hydra' (Swordfish, anyone?), RIAA involvement, and massive P2P neworking compromises, well, that's for you to determine. Your loving VulnWatchdog, - - rain forest puppy -----BEGIN PGP SIGNATURE----- Comment: Public key at http://www.wiretrip.net/rfp/gpg-key.txt iD8DBQE+JZM08z6qql3x7WgRAsUEAJ0QgAgcMMZcLrmk901MwCh4r3aT5QCg11uT 8IM88jjj3fAYz6LL7i6Lix4= =QL6U -----END PGP SIGNATURE----- ----- End forwarded message ----- -- BlueRaven There are only 10 types of people in this world... those who understand binary, and those who don't. -- <simon> vabbè dai raga... reinstallo linux