LinHES Forums • View topic - Is this a security issue we need to worry about?

Board index Linux MythTV

All times are UTC - 6 hours

Is this a security issue we need to worry about?

Page 1 of 1

[ 3 posts ]

Print view

Previous topic Next topic

Author

Message

esherm22

Post subject: Is this a security issue we need to worry about?

Posted: Wed Jan 03, 2007 7:11 am

Joined: Thu Sep 15, 2005 12:37 pm

Posts: 39

Location: Minnesota

Affected Products
MythControl version 1.0 and prior

Technical Description
A vulnerability has been identified in MythControl, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service. This issue is due to a buffer overflow error in the "sendToMythTV()" [MythControlServer/mythControlServer.c] function when handling an overly long command, which could be exploited by remote attackers to crash a vulnerable application or compromise an affected system via a specially crafted request.

Link:
http://www.frsirt.com/english/advisories/2007/0024

Top

cecil

Post subject:

Posted: Wed Jan 03, 2007 9:56 am

Site Admin

Joined: Fri Sep 19, 2003 6:37 pm

Posts: 2659

Location: Whittier, Ca

In the past, Isaac has stated that MythTV isn't built w/ security in mind for performance reasons. It has also been my opinion that at MythTV system should be behind a firewall. I personally am not worried. If you have not, the place to query about this is the MythTV mailing list.

Top

esherm22

Post subject:

Posted: Wed Jan 03, 2007 11:43 am

Joined: Thu Sep 15, 2005 12:37 pm

Posts: 39

Location: Minnesota

Thanks Cecil. Keep up the good work!

Top

Page 1 of 1

[ 3 posts ]

Board index Linux MythTV

All times are UTC - 6 hours

Who is online

Users browsing this forum: No registered users and 4 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum