Oh, I'm going to lie awake nights worrying about this exploit...
|
| Author | Content |
|---|---|
| PaulFerris Jan 12, 2005 10:18 AM EDT |
"Those actions could include taking control of a user's applications to send e-mail--perhaps aiding in identity theft or the spread of viruses--or alter files. However, Kristensen said the vulnerability may be difficult to exploit." No S--t Sherlock. I'm so worried about this (sarcasm, in case you can't spot it) -- this doesn't compare with most Windows exploits at all, since the user would have to get an mpg in an email on Linux, then click to play it with mpg123 (still a distinct possibility) -- and of course the buffer-over-run will have to have been targeted at the particular build or platform the user was using. All of the above, very remote compared to just about any windows exploit, some of which happen when a web page appears on a clicked-upon email. This type of reporting will help C-Net appear more "balanced", though. Nice --FeriCyde |
| peragrin Jan 12, 2005 10:57 AM EDT |
Actually I just stopped to think of how many desktop linux installs I have done where mpg123 was installed by default? Yea It was always an option but I can't reacall any with default. Suse? nope Mandrake? nope Red Hat 9? don't think so, Knoppix? hmm don't think so either. since mpg123 is a commandline program that doesn't get used but by command line gods Ican't see this affecting but one or two users If. |
| AnonymousCoward Jan 13, 2005 12:08 AM EDT |
Ayup. Everyone I know uses either MPlayer or one of the half-dozen other multimedia players; maybe AlpsaPlayer or XMMS or Noatun. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!