mplayerplug-in playPlaylist Remote Command Execution

2004-01-15T00:00:00
ID OSVDB:4844
Type osvdb
Reporter OSVDB
Modified 2004-01-15T00:00:00

Description

Vulnerability Description

mplayerplug-in contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the playPlaylist() function not properly sanitizing user input. If an attacker sends a specially crafted URL containing double quotes or shell metacharacters, they can append arbitrary commands that will be executed if a person clicks on the link.

Solution Description

Upgrade to version 1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

mplayer -playlist "http://[arbitrary]";touch /tmp/0wn3d;rm -rf $HOME;#" <> /tmp/fifoXy9388
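
The command line above places the URL inside a double-quoted string that a shell parses. As an added example (not mplayerplug-in's code and not its 1.1 fix), the C below validates the URL and starts the player with an argument vector instead of a shell string; `playlist_url_ok`, `build_player_argv` and `play_playlist_safely` are hypothetical names.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Risky pattern (not used here): formatting the URL into
 * "mplayer -playlist \"%s\"" and handing the string to a shell. */

/* Hypothetical check: http(s) only, no quotes, whitespace, control bytes or
 * shell metacharacters. '&' and '?' stay allowed for query strings, which is
 * acceptable only because no shell ever parses the argument below. */
int playlist_url_ok(const char *url)
{
    if (url == NULL) return 0;
    if (strncmp(url, "http://", 7) != 0 && strncmp(url, "https://", 8) != 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++)
        if (*p <= 0x20 || *p >= 0x7f || strchr("\"'`$;|<>\\", *p))
            return 0;
    return 1;
}

/* Hypothetical helper: the URL becomes exactly one argv element. */
int build_player_argv(const char *url, const char *argv[], size_t cap)
{
    if (cap < 4 || !playlist_url_ok(url)) return -1;
    argv[0] = "mplayer";
    argv[1] = "-playlist";
    argv[2] = url;
    argv[3] = NULL;
    return 3;
}

/* Start the player with fork/execvp (no shell); exit status or -1. */
int play_playlist_safely(const char *url)
{
    const char *argv[4];
    int status;
    if (build_player_argv(url, argv, 4) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127); /* exec failed, e.g. mplayer not installed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because `execvp` receives the URL as a single argument, a quote or semicolon that slipped past the check would still reach the player as literal text rather than as shell syntax.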

References:

Vendor URL: http://freshmeat.net/projects/mplayerplug-in/
Vendor Specific Advisory URL