29 Nov 2016
A newly discovered exploit has the possibility to open up Linux users running Fedora and possibly other Linux versions to backdoors, key loggers and other drive-by types of malware by attacking a vulnerability in GStreamer decoder for the FLIC file format. Chris Evans, the security researcher behind the exploit, was able to go after the binary code used by the Rhythmbox media player, but said the same could be done with the Totem media player.
In the GStreamer exploit, Evans found a clever way to circumvent both the address space layout randomization (ASLR) and data execution prevention (DEP) protections that are built into Linux. ASLR is a process that randomizes locations where software loads code within the computer memory, while DEP blocks code loaded by an exploit. Consequently, trying to exploit existing code tends to end up in a computer crash.
The GStreamer exploit is not particularly that practical, considering it would take some serious retooling to work on other Linux based operating systems. That said, it does act as a proof-of-concept of the possibility of a scriptless exploit that could eventually be tweaked into a drive-by download type of malware. The good news, however, is that fixes have already been released for Ubuntu, which underscores the importance of this type of research.