[FLUG] [rfp@vulnwatch.org: [VulnWatch] Followup to Gobbles post]

  • From: BlueRaven <blueraven@xxxxxxxxx>
  • To: ML Fortunae LUG <fanolug@xxxxxxxxxxxxx>
  • Date: Wed, 15 Jan 2003 18:41:16 +0100

Fortunae LUG Mailing List
=========================

Still on the subject of Gobbles.
I take this opportunity to retract what I said; evidently I didn't
understand a thing about them.

----- Forwarded message from Rain Forest Puppy <rfp@xxxxxxxxxxxxx> -----

From: Rain Forest Puppy <rfp@xxxxxxxxxxxxx>
To: vulnwatch@xxxxxxxxxxxxx
Subject: [VulnWatch] Followup to Gobbles post
Date: Wed, 15 Jan 2003 17:02:01 +0000 (GMT)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Some of you have written in wondering if the Gobbles post was a hoax or
not.

Skipping past all the RIAA stuff (I can't exactly confirm any of that),
there is still the issue of a buffer overflow in mpg123 version 0.59s.
That *is* real, and so is the exploit that is attached (which, if
successful in exploitation, will run 'rm -rf ~').

So yes, there is a mpg123 vulnerability in the latest development version
(which some linux distros ship).  The latest stable version (0.59r) seems
to be OK for the moment.

As for the 'hydra' (Swordfish, anyone?), RIAA involvement, and massive P2P
networking compromises, well, that's for you to determine.

Your loving VulnWatchdog,
- - rain forest puppy


-----BEGIN PGP SIGNATURE-----
Comment: Public key at http://www.wiretrip.net/rfp/gpg-key.txt

iD8DBQE+JZM08z6qql3x7WgRAsUEAJ0QgAgcMMZcLrmk901MwCh4r3aT5QCg11uT
8IM88jjj3fAYz6LL7i6Lix4=
=QL6U
-----END PGP SIGNATURE-----


----- End forwarded message -----

-- 
BlueRaven

There are only 10 types of people in this world...
those who understand binary, and those who don't.
--
<simon> oh well, come on guys... I'll reinstall linux
