
Researcher bags two-for-one deal on Linux bugs while probing GNOME component
2023-10-10 16:01

Cue files store the metadata that defines the layout of music on a CD. Given that the cue format is often used alongside the FLAC audio format, open source audio players like Audacious are dependent on the libcue library.

The tracker-miners application initializes automatically when a file is either added or modified in a subdirectory of the home directory.

Cue file, since tracker-miners uses libcue to parse the cue sheet file.

Other files are also supported by tracker-miners - it has scanners for HTML, JPEG, and PDF files too - but the researcher's proof of concept code was limited to using cue sheet files.

If these files were all unarchived, only the one that matches the user's distro would be needed to pull off the attack.

Backhouse encountered an issue when developing the PoC exploit for the vulnerability because the tracker-extract component of tracker-miners has a seccomp sandbox that prevents this kind of exploit from running.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/10/linux_gnome_libcue_exploit/

Related vendor

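| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Linux  |          | 18         | 373 | 1439   | 1138 | 696      | 3646        |
| Gnome  |          | 89         | 33  | 152    | 65   | 18       | 268         |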