Previous All Posts Next

GStreamer Linux Exploit: Backdoor Vulnerability Discovered

Posted: November 29, 2016 to News.

Tags: Malware, Data Breach, Compliance

A newly discovered exploit has the possibility to open up Linux users running Fedora and possibly other Linux versions to backdoors, key loggers and other drive-by types of malware by attacking a vulnerability in GStreamer decoder for the FLIC file format. Chris Evans, the security researcher behind the exploit, was able to go after the binary code used by the Rhythmbox media player, but said the same could be done with the Totem media player. In the GStreamer exploit, Evans found a clever way to circumvent both the address space layout randomization (ASLR) and data execution prevention (DEP) protections that are built into Linux. ASLR is a process that randomizes locations where software loads code within the computer memory, while DEP blocks code loaded by an exploit. Consequently, trying to exploit existing code tends to end up in a computer crash. In most case, exploits try to bypass ASLR and DEP, but the one for GStreamer avoids the pitfalls of manipulating how the memory is laid out by carefully laying out pieces of code in such a way that slowly advances the exploit and ultimately disable the protections altogether. By not requiring the use of JavaScript or some other type of code that affects memory to execute, it opens up attacks on targets that were impossible up to this point. The GStreamer exploit is not particularly that practical, considering it would take some serious retooling to work on other Linux based operating systems. That said, it does act as a proof-of-concept of the possibility of a scriptless exploit that could eventually be tweaked into a drive-by download type of malware. The good news, however, is that fixes have already been released for Ubuntu, which underscores the importance of this type of research.

Protect Your Business Today

Petronella Technology Group has provided cybersecurity, compliance, and managed IT services from Raleigh, NC for over 23 years. Contact us today for a free consultation and technology assessment.

Need help implementing these strategies? Our cybersecurity experts can assess your environment and build a tailored plan.
Get Free Assessment
Explore Our Services
Cybersecurity AI Services Compliance HIPAA CMMC Managed IT

Related Articles

Managed IT vs Break-Fix: Which IT Support Model Actually Saves Your Business Money in 2026 [Video + Guide] Managed IT vs Break-Fix: Which IT Support Model Actually Saves Your Business Money in 2026 [Video + Guide] Data Backup Best Practices: The 3-2-1-1-0 Strategy That Protects Your Business from Everything [Video + Guide] Data Backup Best Practices: The 3-2-1-1-0 Strategy That Protects Your Business from Everything [Video + Guide] Disaster Recovery Planning: How to Build a DR Plan That Keeps Your Business Running Through Any Crisis [Video + Guide] Disaster Recovery Planning: How to Build a DR Plan That Keeps Your Business Running Through Any Crisis [Video + Guide] IT Budget Planning for 2026: How to Allocate Technology Spending for Maximum Business Impact [Video + Guide] IT Budget Planning for 2026: How to Allocate Technology Spending for Maximum Business Impact [Video + Guide]

About the Author

Craig Petronella, CEO and Founder of Petronella Technology Group
CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.

CMMC-RP NC Licensed DFE MIT Certified CompTIA Security+ Expert Witness 15+ Books
Related Service
Need Cybersecurity or Compliance Help?

Schedule a free consultation with our cybersecurity experts to discuss your security needs.

Schedule Free Consultation
Previous All Posts Next
Free cybersecurity consultation available Schedule Now