Remote code execution in Podbeuter
16 views
Skip to first unread message
Alexander Batischev
Sep 16, 2017, 2:04:40 PM9/16/17
to newsb...@googlegroups.com
Dear users,
On the heels of the previous vulnerability we have a similar one in
Podbeuter.
An attacker can craft an RSS item where the name of media enclosure (the
podcast file) contains shell code. When user plays the file in
Podbeuter, the shell code will be executed. If you're using Podbeuter
only to *download* podcasts, not *play* them, you're safe.
Podbeuter versions 0.3 through 2.9 are affected.
I'm still waiting for CVE. (Submitted a request to MITRE on August 27th,
pinged them on September 9th, but got nothing back.)
Workaround
==========
Don't play any podcasts in Podbeuter until you apply the fix.
Resolution
==========
A fix has already been pushed to our Git repository:
https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260
A patch for 2.9 is also available:
https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
I'll notify oss-se...@lists.openwall.com, so distributions ought to
pick this up soon enough.
--
Regards,
Alexander Batischev
PGP key 356961A20C8BFD03
Fingerprint: CE6C 4307 9348 58E3 FD94 A00F 3569 61A2 0C8B FD03
On the heels of the previous vulnerability we have a similar one in
Podbeuter.
An attacker can craft an RSS item where the name of media enclosure (the
podcast file) contains shell code. When user plays the file in
Podbeuter, the shell code will be executed. If you're using Podbeuter
only to *download* podcasts, not *play* them, you're safe.
Podbeuter versions 0.3 through 2.9 are affected.
I'm still waiting for CVE. (Submitted a request to MITRE on August 27th,
pinged them on September 9th, but got nothing back.)
Workaround
==========
Don't play any podcasts in Podbeuter until you apply the fix.
Resolution
==========
A fix has already been pushed to our Git repository:
https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260
A patch for 2.9 is also available:
https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
I'll notify oss-se...@lists.openwall.com, so distributions ought to
pick this up soon enough.
--
Regards,
Alexander Batischev
PGP key 356961A20C8BFD03
Fingerprint: CE6C 4307 9348 58E3 FD94 A00F 3569 61A2 0C8B FD03
Alexander Batischev
Sep 17, 2017, 7:56:53 AM9/17/17
to newsb...@googlegroups.com
I forgot to mention that the vulnerability was discovered by Simon
Schuster.
Also, this got assigned CVE-2017-14500:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14500
Schuster.
Also, this got assigned CVE-2017-14500:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14500
Reply all
Reply to author
Forward
0 new messages