Network Security Vuln-Dev

MythControl (MythTV remote control) arbitrary code execution

Subject: MythControl (MythTV remote control) arbitrary code execution
Date: Sat, 30 Dec 2006 13:17:55 +0100
Synopsis:  MythControl (MythTV remote control) arbitrary code execution
Product:   MythControl
Version:   <=1.0


Product:
=======

MythControl turns your Windows Mobile 5 Smartphone into the best
remote control ever for MythTV (or similar Media Center products).
It uses Bluetooth to communicate with your MythTV box and has a
flexible, customizable user interface.

MythControlServer is a small server application for use with
MythControl remote clients. It uses the BlueZ RFCOMM interface to
listen for client connections and forwards the received commands to
either MythFrontend or a shell.


Issue:
======

A critical security vulnerability has been found in the product. It is
possible to execute arbitrary code.

Details:
========

In sendToMythTV, the command that is to be sent might overflow
the sendStr string.


Affected Versions
=================

MythControl <= 1.0

Solution
=========

The command to be sent must be small enough to fit in the
buffer prepared for sending.


Exploitation
============

Exploitation might be conducted by supplying an overlong value
for the command variable.




Kind regards,

Michal Bucko - sapheal
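
The length check described under "Solution", as an added example that is
not part of the original advisory and is not MythControlServer source code.
Only the name sendStr comes from the advisory; the buffer sizes, the
"key <cmd>\n" format and the function names are assumptions.

```c
/* Added illustration, not MythControlServer source. Buffer sizes, the
 * "key <cmd>\n" format and every name except sendStr are assumptions. */
#include <stdio.h>
#include <string.h>

#define CMD_MAX      32   /* assumed longest legitimate command */
#define SEND_BUF_LEN 64   /* assumed size of the prepared send buffer */

enum { ERR_TOO_LONG = -1, ERR_NO_TERMINATOR = -2 };

/* Copy one newline-terminated command out of raw received bytes.
 * rx is not NUL-terminated, so every read is bounded by rx_len. */
static int extract_command(const unsigned char *rx, size_t rx_len,
                           char *cmd, size_t cmd_cap)
{
    const unsigned char *nl = memchr(rx, '\n', rx_len);
    if (nl == NULL)
        return ERR_NO_TERMINATOR;
    size_t len = (size_t)(nl - rx);
    if (len >= cmd_cap)            /* leave room for the NUL */
        return ERR_TOO_LONG;
    memcpy(cmd, rx, len);
    cmd[len] = '\0';
    return (int)len;
}

/* Format the command into the fixed send buffer. An oversized command is
 * rejected, not truncated, so a partial command is never forwarded. */
static int build_send_str(char *sendStr, size_t cap, const char *command)
{
    int n = snprintf(sendStr, cap, "key %s\n", command);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            sendStr[0] = '\0';
        return ERR_TOO_LONG;
    }
    return n;                      /* bytes to send, excluding the NUL */
}

int main(void)
{
    const unsigned char rx[] = "volume_up\n";   /* constructed sample input */
    char cmd[CMD_MAX], sendStr[SEND_BUF_LEN];
    if (extract_command(rx, sizeof rx - 1, cmd, sizeof cmd) < 0 ||
        build_send_str(sendStr, sizeof sendStr, cmd) < 0)
        return 1;
    fputs(sendStr, stdout);
    return 0;
}
```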
