Buffer overflow?

jmp:
Bugtraq is reporting a buffer overflow in an old version of Media Center. They are "not aware of any vendor-supplied patches for this issue", but I don't know why they would post something now on such an old version. Does anyone here know if the current version resolves these issues? There is a Perl exploit posted, but it is not clear how an attacker would actually get you to execute the code. Doesn't look like much to worry about, but I was so surprised to see JRiver on the "Weekly Comprehensive List of Newly Discovered Vulnerabilities" - not really a list you want to be on, although you're always in good company there.

http://www.securityfocus.com/bid/19853
Bugtraq ID:  19853 
"J River Media Center Mediacenter.EXE Buffer Overflow Vulnerability

Media Center and various Media Center plugins are prone to a buffer-overflow vulnerability.

This issue occurs because the application fails to bounds-check data before copying it into a finite-sized buffer.

This issue allows remote attackers to cause the application to crash, denying service to the legitimate user. Arbitrary code execution may be possible, but this has not been confirmed.

Version 11.0.309 is vulnerable to this issue; other versions may also be affected."

JimH:
We first heard of this 4 days ago.  We don't believe it is a serious problem. 

This is Bob Brose, replying to my request to investigate:


--- Quote ---
Jim Hillegass:
> Bob,
> Can you take a quick look at this?
> http://www.milw0rm.com/exploits/2302
>
[Bob replied]
Since it doesn't look like it can execute arbitrary data on crash it's
just a D.O.S which is embarrassing but not deadly...

Bob

--- End quote ---
DOS is Denial of Service, meaning the vulnerability could cause someone running a Tivo Server in MC to see a failure to connect, etc.

In order to exploit this reported vulnerability, there would also need to be an opening in the network's firewall.

We're still looking at this.

John Gateley:
The buffer overflow was fixed quite a long time ago. Updating to the latest version of 11.1 will ensure you are not susceptible.

Thanks, and sorry...

j
