List: oss-security
Subject: Re: [oss-security] Re: CVE request: BD-J implementation in libbluray
From: Florian Weimer <fw () deneb ! enyo ! de>
Date: 2015-03-01 10:50:34
Message-ID: 871tl9vvnp.fsf () mid ! deneb ! enyo ! de
* Sven Schwedas:
> On 2015-02-23 10:34, Jean-Baptiste Kempf wrote:
>> On 23 Feb, Florian Weimer wrote :
>>> Yes, I do think full sandboxing is required because content publishers
>>> have attacked end user system integrity in the past, so I don't think
>>> they can be trusted.
>>
>> BD-J code comes from Blu-Rays. Downloading non-official blurays and
>> executing it is like taking random binaries from internet and running
>> them.
>
> And the Sony rootkit came from official, store-bought discs …

Someone seems to have worked independently on a proof of concept for
this issue:
<https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/>