NES Related Vulnerability Discovered In Ubuntu

1it enterprise

1it enterpriseAccording to Chris Evan a security researcher, sound files meant to be played on the venerable Nintendo Entertainment System can abuse a vulnerability in a multimedia framework present on Version 12.04.5 of Ubuntu. A flaw in the audio decoder known as libgstnsf.so that which allows gstreamer Version 0.10 to play the NSF files that the NES uses for music resulted in the flaw. A virtualized version of the NES’ old 6502 processors and sound hardware is created when an NSF file was played in the host systems hardware. The way NES cartridges used to handle swapping between particular memory registers to run code on an unwary Linux user’s desktop is taken advantage by the exploit. The package that gets installed during the installation process includes libgstnsf.so. Though it is unlikely to become a widespread threat, Evan suggested that theoretically the exploit could be distributed through drive-by download targeting Google Chrome, email attachments, and USB.

 

The issue exists in the 12.04.5 version of the Ubuntu that is particularly old. Since there is another decoder present that can decode NSF music from the NES, the libgstnsf.so that doesn’t affect any functionality can be removed as a fix for the issue.