MythControlServer SendToMythTV() Buffer Overflow Vulnerability
BID:21839
Info
MythControlServer SendToMythTV() Buffer Overflow Vulnerability
| Bugtraq ID: | 21839 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 31 2006 12:00AM |
| Updated: | Jan 04 2007 06:41PM |
| Credit: | Michal Bucko (sapheal) is credited with the discovery of this vulnerability. |
| Vulnerable: |
MythControl MythControl 1.0 |
| Not Vulnerable: | |
Discussion
MythControlServer SendToMythTV() Buffer Overflow Vulnerability
MythControlServer is prone to a remote buffer-overflow vulnerability when handling commands received over Bluetooth. This issue arises because the application fails to properly bounds-check user-supplied input data before copying it to a fixed-sized stack buffer.
Exploiting this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.
MythControl/MythControlServer 1.0 and prior versions are vulnerable to this issue.
MythControlServer is prone to a remote buffer-overflow vulnerability when handling commands received over Bluetooth. This issue arises because the application fails to properly bounds-check user-supplied input data before copying it to a fixed-sized stack buffer.
Exploiting this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.
MythControl/MythControlServer 1.0 and prior versions are vulnerable to this issue.
Exploit / POC
MythControlServer SendToMythTV() Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
MythControlServer SendToMythTV() Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
MythControlServer SendToMythTV() Buffer Overflow Vulnerability
References:
References:
- Product Homepage (MythControl)