• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

WMTV Buffer Overflow Vulnerability

wmtv is a video4linux TV player for windowmaker. It runs on Linux and Unix variants using windowmaker. It ships with Debian GNU/Linux 2.2.

A number of buffer overflows exist in affected versions of wmtv. This may provide an opportunity for a local attacker to execute arbitrary attacked-supplied instructions.

wmtv is installed setuid root by default, and affected versions require these privileges to run. Successful exploitation of this issue will allow the local attacker to gain root privileges on a host running vulnerable versions of wmtv.

However, it should be noted that it has not been proven whether these issues are exploitable.

This appears to be a problem with the version of wmtp that ships with Debian/GNU Linux due to the permissions that are required to run vulnerable versions of the software.