Super Mari-owned: Startling Nintendo-based vulnerability discovered in Ubuntu

Security researcher finds Ubuntu exploit enabled by sound files meant for Nintendo Entertainment System

A vulnerability in a multimedia framework present on Version 12.04.5 of Ubuntu can be exploited by sound files meant to be played on the venerable Nintendo Entertainment System, according to security researcher Chris Evans.

The vulnerability is the result of a flaw in an audio decoder called libgstnsf.so, which allows gstreamer Version 0.10 to play the NSF files that the NES uses for music. NSF files, when played, use the host system’s hardware to create a virtualized version of the NES’ old 6502 processor and sound hardware in real time.

What the exploit does, in essence, is take advantage of the way NES cartridges used to handle switching between certain memory registers to run code on an unsuspecting Linux user’s desktop. (The sample exploit Evans provides uses the vulnerability to run Xcalc.)

“This exploit works against what I would consider the ‘default’ install,” he wrote in a blog post. “During Ubuntu install, there’s a question along the lines of ‘hey, do you want mp3s to work?’ and of course the correct answer is ‘yes.’ Various extra packages are then installed including gstreamer0.10-plugins-bad. This package includes libgstnsf.so.”

Evans suggests that the exploit could theoretically be distributed via email attachment, drive-by download targeting Google Chrome, or by USB, though it’s unlikely to become a widespread threat.

It is, as Evans makes clear, not a particularly serious zero-day. The flaw appears to only exist in Ubuntu 12.04.5, which is an older (though still supported) version of the popular Linux distro. The fix is as simple as removing libgstnsf.so, which doesn’t even result in a loss of functionality, since there’s another decoder that can play NSF music from the NES.

What’s more, exploit code requires an attacker to program in the arcane 6502 language designed for the NES processor, relying on the way the virtualized 6502 processor translates this code to deliver malicious instructions.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingubuntuMario

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Gold

Network World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?