Super Mari-owned: Startling Nintendo-based vulnerability discovered in Ubuntu

Security researcher finds Ubuntu exploit enabled by sound files meant for Nintendo Entertainment System

A vulnerability in a multimedia framework present on Version 12.04.5 of Ubuntu can be exploited by sound files meant to be played on the venerable Nintendo Entertainment System, according to security researcher Chris Evans.

The vulnerability is the result of a flaw in an audio decoder called libgstnsf.so, which allows gstreamer Version 0.10 to play the NSF files that the NES uses for music. NSF files, when played, use the host system’s hardware to create a virtualized version of the NES’ old 6502 processor and sound hardware in real time.

What the exploit does, in essence, is take advantage of the way NES cartridges used to handle switching between certain memory registers to run code on an unsuspecting Linux user’s desktop. (The sample exploit Evans provides uses the vulnerability to run Xcalc.)

“This exploit works against what I would consider the ‘default’ install,” he wrote in a blog post. “During Ubuntu install, there’s a question along the lines of ‘hey, do you want mp3s to work?’ and of course the correct answer is ‘yes.’ Various extra packages are then installed including gstreamer0.10-plugins-bad. This package includes libgstnsf.so.”

Evans suggests that the exploit could theoretically be distributed via email attachment, drive-by download targeting Google Chrome, or by USB, though it’s unlikely to become a widespread threat.

It is, as Evans makes clear, not a particularly serious zero-day. The flaw appears to only exist in Ubuntu 12.04.5, which is an older (though still supported) version of the popular Linux distro. The fix is as simple as removing libgstnsf.so, which doesn’t even result in a loss of functionality, since there’s another decoder that can play NSF music from the NES.

What’s more, exploit code requires an attacker to program in the arcane 6502 language designed for the NES processor, relying on the way the virtualized 6502 processor translates this code to deliver malicious instructions.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingubuntuMario

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Jon Gold

Jon Gold

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?