Friday, November 18, 2016

0day Exploit Using NSF Files

You thought .nsf files are just harmless NES music files and nothing bad could ever come from them? Well, think again. Security researcher Chris Evans has just revealed a zero-day exploit on Linux involving the use of specially crafted .nsf files.

The actual vulnerability is found in an old version of gstreamer that is still in wide use. What happens is that the internal emulator used to execute the 6502 code contained in the .nsf doesn't verify the ROM size; combined with bank switching, this lets the emulated code break out of its virtual memory and start writing to the heap.
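An added example, not code from the original post or from the affected emulator, showing the missing check described above from the defender's side: a small Python parser for the 128-byte NSF header that works out how many 4 KiB banks the file actually carries, flags bank-switch values that point past the data, and wraps the bounds check an emulator must apply on every bank-register write. The header offsets follow the public NSF spec; the padding rule for bank 0 and the two constructed test files are assumptions used for illustration.

```python
import struct

NSF_MAGIC = b"NESM\x1a"
HEADER_LEN = 0x80
BANK_SIZE = 0x1000  # bank-switched NSF data is mapped in 4 KiB banks at $8000-$FFFF

def parse_nsf(blob: bytes) -> dict:
    """Parse the 128-byte NSF header; return the fields that matter for bank switching."""
    if len(blob) < HEADER_LEN or blob[:5] != NSF_MAGIC:
        raise ValueError("not an NSF file")
    (load_addr,) = struct.unpack_from("<H", blob, 0x08)
    bank_init = list(blob[0x70:0x78])   # initial bank number for $8000, $9000, ..., $F000
    rom_size = len(blob) - HEADER_LEN
    # With bank switching, bank 0 starts at load_addr & 0xF000, so the data is
    # preceded by (load_addr & 0x0FFF) bytes of padding (assumed per the NSF spec).
    pad = (load_addr & 0x0FFF) if any(bank_init) else 0
    return {"load_addr": load_addr, "bank_init": bank_init, "rom_size": rom_size,
            "pad": pad, "bank_count": -(-(pad + rom_size) // BANK_SIZE)}

def bank_offset_checked(rom_size: int, pad: int, bank: int) -> int:
    """Translate a bank number into an offset into the ROM buffer, refusing any bank
    that lies past the loaded data. A hardened emulator must run this check on every
    write to the bank registers, not only on the header's initial values."""
    offset = bank * BANK_SIZE - pad
    if offset >= rom_size:
        raise ValueError(f"bank {bank:#x} lies beyond the {rom_size}-byte ROM")
    return max(offset, 0)  # bank 0 may begin inside the padding

def check_nsf(blob: bytes) -> list:
    """Return (window address, bank) pairs whose initial bank points past the data."""
    info = parse_nsf(blob)
    bad = []
    for slot, bank in enumerate(info["bank_init"]):
        try:
            bank_offset_checked(info["rom_size"], info["pad"], bank)
        except ValueError:
            bad.append((0x8000 + slot * BANK_SIZE, bank))
    return bad

def make_nsf(load_addr: int, bank_init: bytes, data: bytes) -> bytes:
    """Build a minimal NSF blob for testing (constructed input, not a real tune)."""
    hdr = bytearray(HEADER_LEN)
    hdr[:5], hdr[5:8] = NSF_MAGIC, b"\x01\x01\x01"   # version, song count, first song
    struct.pack_into("<HHH", hdr, 0x08, load_addr, load_addr, load_addr)
    hdr[0x70:0x78] = bank_init
    return bytes(hdr) + data
```

The static header check only catches bad initial bank values; a tune can switch banks at runtime, which is why the bounds check belongs in the emulator's bank-register handler rather than in a file scanner alone.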

Meanwhile, Battleofthebits user b00daw has found that the problematic gstreamer code is currently used by the Jabber/XMPP client Gajim, which means the vulnerability can possibly be exploited on non-Linux systems as well.

Long story short, if you still have gstreamer plugins from the 0.10 release running somewhere, you might want to run an update.
