[CentOS] libgme drive-by exploit.

Fri Dec 16 19:12:31 UTC 2016
Lamar Owen <lowen at pari.edu>

An interesting exploit:


While this is tailored to Fedora 25 (with Chrome) and Ubuntu 16.04, in 
checking my CentOS 7 system I find that it is not vulnerable simply 
because it doesn't have the libgme used by gstreamer-plugins-bad to make 
it work.  However, gstreamer-plugins-bad-free is indeed installed, and 
is listed as an installation from anaconda, so it is on the media.  I 
didn't specifically select it in the package set I installed.  I didn't 
look to see if any third-party packages have it.... lessee.... nope, 
didn't find the 'Game Music Emu' (gstreamer-plugins-bad-extras contains 
this in Fedora 25) anywhere, but I reserve the right to be wrong.

Now, even though C7 is not vulnerable by default, following Chris Evans' 
narrative on how he dug this out and made it reliably exploitable is a 
very good read, especially if you want to see what kind of trampoline 
can actually be employed by those who really are out to get us.