Remote code execution in Podbeuter

16 views
Skip to first unread message

Alexander Batischev

unread,
Sep 16, 2017, 2:04:40 PM9/16/17
to newsb...@googlegroups.com
Dear users,

On the heels of the previous vulnerability we have a similar one in
Podbeuter.

An attacker can craft an RSS item where the name of media enclosure (the
podcast file) contains shell code. When user plays the file in
Podbeuter, the shell code will be executed. If you're using Podbeuter
only to *download* podcasts, not *play* them, you're safe.

Podbeuter versions 0.3 through 2.9 are affected.

I'm still waiting for CVE. (Submitted a request to MITRE on August 27th,
pinged them on September 9th, but got nothing back.)

Workaround
==========

Don't play any podcasts in Podbeuter until you apply the fix.

Resolution
==========

A fix has already been pushed to our Git repository:
https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260

A patch for 2.9 is also available:
https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333

I'll notify oss-se...@lists.openwall.com, so distributions ought to
pick this up soon enough.

--
Regards,
Alexander Batischev

PGP key 356961A20C8BFD03
Fingerprint: CE6C 4307 9348 58E3 FD94 A00F 3569 61A2 0C8B FD03

signature.asc

Alexander Batischev

unread,
Sep 17, 2017, 7:56:53 AM9/17/17
to newsb...@googlegroups.com
I forgot to mention that the vulnerability was discovered by Simon
Schuster.

Also, this got assigned CVE-2017-14500:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14500
signature.asc
Reply all
Reply to author
Forward
0 new messages