Recently security researchers Evans in the Ubuntu system found a very interesting vulnerability, this vulnerability also with Nintendo the year of the 8-bit consoles（NES, or FC. Evans said that in Ubuntu 12.04.5 version of the multimedia framework in the presence of a vulnerability, the vulnerability can be red and white machine to play the sound file NSF file, use-the red and white machine and a Ubuntu system? This vulnerability is the root cause of the fact that the audio decoder libgstnsf. so, this decoder was originally used to support gstreamer 0.10 to play the NSF File format-and the red and white machine of the music file is. NSF format-the Ubuntu system in the playback of this file will be created in real time the red and white machine 6 5 0 2 processor and audio hardware to the virtual environment. Such speak to is also very easy to understand, vulnerability is not counting far-reaching, the researchers also just think it's fun to do in-depth observation. !
Evans said:“the vulnerability is to some extent dependent on the default installation process.” Because in the Ubuntu installation process, the system will ask“do you expect the system to be able to correctly play the mp3 file? The user will of course choose“Yes”. As a result, the system will be installed including the streamer-1.0-pliugins-bad contains libgstnsf. so in a variety of packages. If you're on the NSF file of interest, you can click here to download the cv2. the nsf, which is the game of the Castlevania: shadow of the king of BGM Airport. Such files are very small, to contain the sample in fact also have difficulty, but if you want to get some little trick or can. Interested students can click here to download the exploit file, as shown above. To say the attack code, in fact, and the red and white machine 6 5 0 2 processor is indeed relevant. 6 5 0 2 CPU is a legendary presence, appearing in a wide variety of legend systems, such as Nintendo red and white machine, the Commodore 6 4, The BBC microcomputer system or the like. This exploit code is exactly what an attacker with reportedly very obscure 6 5 0 2 language, it relies on virtual 6 5 0 2 Processor to parse this code, and provide the malicious command to attack. Evans said that this exploit NES processing the stored register switching between Linux users on the desktop run the code. Details are available on the Evans blog. ! To exploit the vulnerability, you can take the following methods: 1, to the target e-mail, mail bring can exploit the vulnerability of the Annex. As soon as the victim downloads the file, they will be attacked. But need to pay attention to the file extension from. nsf to. mp3, because the vast majority of Linux Desktop does not recognize the NSF file-but will certainly use the player to play the MP3 file. Most of the based on the gstreamer media player will ignore the file suffix to automatically detect the file format, and then using the desired decoder. 2, Using drive-by download scheme. For example with Chrome browser download UX, the victim to visit a spoofed web site, the files can be dumped to the victims of the Downloads folder. In the File Manager to view the Downloads folder, the file Manager will be targeted to those known to the suffix of the file, and automatically display a thumbnail or preview. And exploit it may depend on the thumbnail for the attack. 3, a more complete drive-by download using the program. Evans said they would separately write a post detailing the entire process is really good cling to. 4, The use of USB devices to attacks. It's easy to understand, the nsf format file exists in the U disk, the user can open the USB device in the process, it will trigger the thumbnail of the attack process. Although this is a 0day vulnerability, but it impact is not very serious. But the vulnerability only exists on Ubuntu 12.04.5 system version, This is a relatively old version. To avoid this vulnerability is also very easy, just remove libgstnsf. so. But also does not cause the function is missing, because in the NES, there is another decoder that can play NSF music. !