An interesting exploit:

https://scarybeastsecurity.blogspot.com/2016/12/redux-compromising-linux-using-snes.html

While this is tailored to Fedora 25 (with Chrome) and Ubuntu 16.04, in checking my CentOS 7 system I find that it is not vulnerable simply because it doesn't have the libgme used by gstreamer-plugins-bad to make it work. However, gstreamer-plugins-bad-free is indeed installed, and is listed as an installation from anaconda, so it is on the media. I didn't specifically select it in the package set I installed. I didn't look to see if any third-party packages have it.... lessee.... nope, didn't find the 'Game Music Emu' (gstreamer-plugins-bad-extras contains this in Fedora 25) anywhere, but I reserve the right to be wrong.

Now, even though C7 is not vulnerable by default, following Chris Evans' narrative on how he dug this out and made it reliably exploitable is a very good read, especially if you want to see what kind of trampoline can actually be employed by those who really are out to get us.

_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Reply via email to