Re: Local/remote mpg123 exploit

From: Gabucino (gabucinoat_private)
Date: Sat Jan 18 2003 - 10:06:51 PST

Next message: bugzillaat_private: "[Full-Disclosure] [RHSA-2002:202-25] Updated python packages fix predictable temporary file"

Previous message: Todd Sabin: "Attacking EFS through cached domain logon credentials"
In reply to: Benjamin Tober: "Re: Local/remote mpg123 exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> mplayer (www.mplayerhq.org)
Gobbles must have been so busy coding a "robust exploit" for our
software that they forgot the URL of our site: http://www.mplayerhq.hu


> 1) If you participate in illegal file-sharing networks, your
> computer now belongs to the RIAA.
Although I like smiling over funny emails, we'd be more pleased if
a real vulnerability would be disclosed in our code - we don't do
security audits, nor do we have interest and time for it.

On to the topic, as far as I know we are NOT vulnerable to this
particular exploit. Our "mp3lib" was indeed forked from certain parts
of mpg123 years ago, but since then the code was optimized so much,
I highly doubt it resembles the current mpg123 codebase at all.

-- 
Gabucino
MPlayer Core Team

application/pgp-signature attachment: stored

Next message: bugzillaat_private: "[Full-Disclosure] [RHSA-2002:202-25] Updated python packages fix predictable temporary file"
Previous message: Todd Sabin: "Attacking EFS through cached domain logon credentials"
In reply to: Benjamin Tober: "Re: Local/remote mpg123 exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 10:30:41 PST