Ticket #1578 (closed defect: fixed)

Opened 6 days ago

Last modified 4 days ago

VLC executes arbitrary plugins

Reported by: courmisch
Assigned to: courmisch
Priority: highest
Milestone: 0.9.0-test1
Component: LibVLC
Version: master
Severity: critical
Keywords: security
Cc:
Platform(s): all
Difficulty: unknown
Work status: 40%

Description (Last modified by courmisch)

At startup, VLC recursively scans the modules/ and plugins/ subdirectories of the current working directory, and tries to execute the vlc_entry__0_8_6 symbol (or its equivalent in other VLC versions) from any file matching the "lib*_plugin.so" pattern.

This is a local privilege escalation vulnerability.
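As an added example (not VLC's own code), a C path policy a plugin loader could apply before dlopen()ing a candidate: it implements the "lib*_plugin.so" pattern from the report and refuses directories that would resolve against the current working directory. TRUSTED_PLUGIN_DIR is an assumed value standing in for the build's installed plugin directory.

```c
#include <stdio.h>
#include <string.h>

/* Installed plugin directory. Hypothetical value; a real build bakes in its own prefix. */
#define TRUSTED_PLUGIN_DIR "/usr/lib/vlc/plugins"

/* Does a file name match the "lib*_plugin.so" pattern from the report? */
int is_plugin_name(const char *name)
{
    const char prefix[] = "lib", suffix[] = "_plugin.so";
    size_t n = strlen(name), p = strlen(prefix), s = strlen(suffix);
    if (n < p + s || strncmp(name, prefix, p) != 0)
        return 0;
    return strcmp(name + n - s, suffix) == 0;
}

/* Does the directory contain a ".." component (inside or at the end)? */
static int has_dotdot(const char *dir)
{
    size_t n = strlen(dir);
    return strstr(dir, "/../") != NULL ||
           (n >= 3 && strcmp(dir + n - 3, "/..") == 0);
}

/* Decide whether a candidate found as dir/name may be dlopen()ed.
 * The report's bug is that dir could be "modules" or "plugins" relative to
 * the CWD; this policy accepts only the installed directory and its
 * subdirectories. Returns 1 to load, 0 to skip. */
int plugin_candidate_ok(const char *dir, const char *name)
{
    size_t t = strlen(TRUSTED_PLUGIN_DIR);
    if (!is_plugin_name(name))
        return 0;
    if (dir[0] != '/' || has_dotdot(dir))      /* CWD-relative or escaping */
        return 0;
    if (strncmp(dir, TRUSTED_PLUGIN_DIR, t) != 0)
        return 0;
    return dir[t] == '\0' || dir[t] == '/';   /* exact dir or a subdirectory */
}

int main(void)
{
    /* Constructed candidates: the two CWD-relative directories named in the
     * report beside an installed subdirectory. */
    const char *dirs[] = { "modules", "./plugins", TRUSTED_PLUGIN_DIR "/codec" };
    for (size_t i = 0; i < 3; i++)
        printf("%-28s %s\n", dirs[i],
               plugin_candidate_ok(dirs[i], "libavcodec_plugin.so") ? "load" : "skip");
    return 0;
}
```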

Change History

05/10/08 12:21:37 changed by courmisch

  • description changed.

05/10/08 13:39:37 changed by courmisch

  • status changed from new to assigned.
  • owner set to courmisch.
  • milestone changed from 0.8.6-bugfix to 0.9.0-test1.

-bugfix is now fixed. Still needed for 0.9.0.

05/10/08 13:39:43 changed by courmisch

  • version set to HEAD.

05/10/08 17:20:08 changed by funman

  • wip changed from Not started to 40%.

What about allowing browsing of ./modules and ./plugins only in the debug target? I hope no UNIX distributors use --enable-debug.

05/10/08 17:29:50 changed by courmisch

Wow, that would be an ugly hack... Why would they not build debug variants if they like?

05/10/08 19:47:44 changed by courmisch

  • status changed from assigned to closed.
  • resolution set to fixed.

05/12/08 23:21:23 changed by xtophe

CVE-2008-2147 has been assigned to this problem.