Last month we published an article about a Famicom (NES) vulnerability on Ubuntu that could be triggered with a maliciously crafted NES music file, the work of well-known security researcher Chris Evans. It turns out the Super Nintendo (SNES) side has the same kind of problem. Last month Evans began a security analysis of the Linux GStreamer framework and found a 0-day vulnerability affecting the Linux desktop. He has now disclosed a reliable exploit for it: a specially crafted audio file, delivered as a covert drive-by download, can compromise a Linux system. The vulnerability may also affect other Linux distributions.

Vulnerability cause

The exploit code Evans published abuses a heap overflow in the GStreamer and libgme libraries. GStreamer is the open-source multimedia framework used on Linux; libgme is a multimedia library that, among other things, emulates Super Nintendo (SNES) music. Evans has the exploit working reliably on Ubuntu 16.04 LTS and Fedora 25, and even Chrome's sandbox does not provide complete protection. According to Evans, the exploit is complete, effective and reliable against Ubuntu 16.04 LTS and Fedora 25; it chains emulation bugs in the emulator for the Super Nintendo's Sony SPC700 audio processor, which he describes as a "delicate and interesting" emulation error. GStreamer supports SNES game music files through Game Music Emu, which emulates the Super Nintendo's CPU and audio processor. The affected Sony SPC700 emulator has at least two defects: the data-transfer instruction MOV (X)+ does not properly handle the X register, and the jump instruction RET1 does not properly handle the SP register.
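To make the register-width bug class concrete, here is an added toy model in C, written for this article and not libgme's or Evans' code. It assumes, as the wording above suggests, that each defect is a missing 8-bit wrap of the register after the increment; the vulnerable and hardened forms of each instruction sit side by side with a page-bounds check that a fix can be tested against.

```c
#include <stdint.h>
#include <string.h>
/* Constructed toy (not libgme's code) of the SPC700 register-width pitfalls the
 * article names. On the real chip X and SP are 8 bits, the direct page is 0x0000
 * (or 0x0100 with the P flag) and the stack lives at 0x0100..0x01FF. An emulator
 * keeping X or SP in a wider host integer without wrapping lets an address escape its page. */
#define RAM_SIZE  0x10000u
#define PAGE_MASK 0xFFu
typedef struct {
    uint8_t ram[RAM_SIZE];
    unsigned a, x, sp;   /* 8-bit registers held in wider host variables */
    unsigned dp;         /* direct-page base: 0x0000 or 0x0100 */
} spc_t;

/* MOV (X)+,A: store A at dp+X, then increment X. masked==0 models the bug
 * (no 8-bit wrap), masked==1 the hardened form. Returns the address written,
 * or -1 if it would fall outside RAM (a bounds guard for the toy). */
static long mov_x_inc(spc_t *cpu, int masked) {
    unsigned x = masked ? (cpu->x & PAGE_MASK) : cpu->x;
    unsigned addr = cpu->dp + x;
    if (addr >= RAM_SIZE) return -1;
    cpu->ram[addr] = (uint8_t)cpu->a;
    cpu->x = masked ? ((x + 1) & PAGE_MASK) : x + 1;
    return (long)addr;
}

/* One byte of a RET1 pop (RET1 pops PSW, then PC): SP is incremented and the
 * byte at 0x0100+SP is read. Returns the stack address read, or -1. */
static long ret1_pop_byte(spc_t *cpu, int masked) {
    unsigned sp = masked ? ((cpu->sp + 1) & PAGE_MASK) : cpu->sp + 1;
    unsigned addr = 0x100u + sp;
    if (addr >= RAM_SIZE) return -1;
    cpu->sp = sp;
    return (long)addr;
}
/* Defender's check: did the access stay inside the page it belongs to? */
static int addr_in_page(long addr, unsigned page_base) {
    return addr >= 0 && (unsigned)addr - page_base < 0x100u;
}

/* Runs one instruction from the top of its page (X=0xFF or SP=0xFF, dp=0) and
 * returns the address touched by the second MOV store or by the RET1 pop. */
static long step_from_page_top(int is_ret1, int masked) {
    static spc_t cpu;                /* static keeps the 64 KiB RAM off the stack */
    memset(&cpu, 0, sizeof cpu);
    cpu.a = 0x42; cpu.x = cpu.sp = 0xFF;
    if (is_ret1) return ret1_pop_byte(&cpu, masked);
    mov_x_inc(&cpu, masked);         /* first store hits dp+0xFF, the page's last byte */
    return mov_x_inc(&cpu, masked);  /* second: wraps to dp+0x00, or spills to 0x0100 */
}
```

With the wrap missing, the second MOV store lands at 0x0100 (the stack page) and the RET1 pop reads from 0x0200, outside the stack page; the masked forms stay at 0x0000 and 0x0100.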
Vulnerability testing and impact

Evans combined the two runtime errors to exploit the vulnerability. In his video demonstration of the attack, the victim only has to visit a web page containing a malicious SPC audio file in .flac or .mp3 format, after which the attacker takes control of the system. The attack delivers a specially crafted audio file containing malicious code to the user as a covert drive-by download; once the file is loaded, the attacker can carry out actions with the privileges of the current system user. Through such an attack, all of the user's data can be stolen, including photos, videos, documents and browser cookies.
Evans gives a detailed vulnerability analysis in his blog post. He also points out that the general lack of sandboxing makes the vulnerability more severe.