Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#1578 closed defect (fixed)

VLC executes arbitrary plugins

Reported by: courmisch Owned by: courmisch
Priority: highest Milestone: 0.9.0-test1
Component: Core Version: master git
Severity: critical Keywords: security
Cc: Difficulty: unknown
Platform(s): all Work status: 40%

Description (last modified by courmisch)

At startup, VLC recursively scans the modules/ and plugins/ subdirectories from the current working directory, and tries to execute the vlc_entry__0_8_6 (or another in other VLC versions) symbol from any file matching the "lib*_plugin.so" pattern.

This is a local privilege escalation vulnerability.

Attachments (1)

Bob Foster1.gif (1001 bytes) - added by Smartmil888 3 months ago.
http://hpac.com

Download all attachments as: .zip

Change History (8)

comment:1 Changed 7 years ago by courmisch

  • Description modified (diff)

comment:2 Changed 7 years ago by courmisch

  • Milestone changed from 0.8.6-bugfix to 0.9.0-test1
  • Owner set to courmisch
  • Status changed from new to assigned

-bugfix is now fixed. Still needed for 0.9.0.

comment:3 Changed 7 years ago by courmisch

  • Version set to HEAD

comment:4 Changed 7 years ago by funman

  • Work status changed from Not started to 40%

what about allowing browsing ./modules and ./plugins only in debug target ? I hope no UNIX distributors use --enable-debug

comment:5 Changed 7 years ago by courmisch

Wow, that would be an ugly hack... Why would they not build debug variants if they like?

comment:6 Changed 7 years ago by courmisch

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:7 Changed 7 years ago by xtophe

CVE-2008-2147 has been affected to this problem

Changed 3 months ago by Smartmil888

Note: See TracTickets for help on using tickets.