[NEWS] MythControl Arbitrary Code Execution Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



MythControl Arbitrary Code Execution Vulnerability
------------------------------------------------------------------------


SUMMARY

MythControlServer is "a small server application for use with MythControl
remote clients. It uses the Bluez RFCOMM interface to listen for client
connections and forwards the received commands to either MythFrontend or
shell". A critical security vulnerability has been found in the
MythControlServer. It is possible to execute arbitrary code.

DETAILS

Vulnerable Systems:
* MythControl versions 1.0 and prior

In sendToMythTV the command that is to be sent might overflow the sendStr
string. Exploitation might be conducted by using an overflowed command
variable value.


ADDITIONAL INFORMATION

The information has been provided by <mailto:sapheal@xxxxxxx> Michal
Bucko.



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [NEWS] Electric Sheep Window-Id Local Stack Overflow
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Electric Sheep Window-Id Local Stack Overflow ... Because window_id comes directly from the command line, ... The vulnerability can be seen by executing the ...
    (Securiteam)
  • [NEWS] VICE Emulator Format String Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... VICE is "a program that runs on a UNIX, ... There is a format string vulnerability in the handling of the monitor ... is interpreted as a command for the output, ...
    (Securiteam)
  • [UNIX] Trend Micro VirusWall Buffer Overflow in VSAPI Library
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... buffer overflow vulnerability in VSAPI library allows arbitrary code ... is called "vscan" which is set suid root by default. ... permissions and thus granted all local users the privilege to execute the ...
    (Securiteam)
  • [UNIX] SCO Multiple Local Buffer Overflow
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Local exploitation of a buffer overflow vulnerability in the ppp binary, ... allows attackers to gain root privileges. ...
    (Securiteam)
  • [NT] Microsoft Word 6.0/95 Document Converter Buffer Overflow (MS04-041)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... WordPad is "a word processing application that uses the MFC rich edit ... Remote exploitation of a buffer overflow vulnerability in Microsoft ... Microsoft Word format files into the Rich Text Format natively handled by ...
    (Securiteam)