Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080510233755.GB9690@ngolde.de>
Date: Sun, 11 May 2008 01:37:55 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: CVE id request: vlc local privilege escalation

Hi,
can I get a CVE id for vlc?
https://trac.videolan.org/vlc/ticket/1578:

"At startup, VLC recursively scans the modules/ and plugins/ subdirectories
from the current working directory, and tries to execute the vlc_entry__0_8_6
(or another in other VLC versions) symbol from any file matching the
"lib*_plugin.so" pattern."

Patch: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.