[mythtv] Attackers can read any file on host via MythTV
Jonathan T Wang
jtwang at MIT.EDU
Sun Mar 20 06:17:01 UTC 2005
Hi,
I believe I've found a security hole in Myth - in
MainServer::LocalFilePath, MythTV does not check whether the QUrl passed
in by the client in MainServer::HandleAnnounce contains any instances
of "../".
This means that an attacker could cause MythTV to send him any file on the
system readable by the mythtv user.
Thanks,
Jonathan
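
The following is an added example, not part of the original message and not MythTV's code. It sketches the kind of containment check the report says is missing: a client-supplied URL path is resolved segment by segment and rejected if it would climb above the served directory. The function names, the root directory and the file names are hypothetical.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Naive stand-in for the behaviour the report describes: the client's
// path is appended to the root with no check for "../".
std::string resolveUnchecked(const std::string &root, const std::string &urlPath)
{
    return root + "/" + urlPath;
}

// Hypothetical hardened helper. Returns the file path under `root`,
// or an empty string when the request would leave `root`.
std::string resolveUnderRoot(const std::string &root, const std::string &urlPath)
{
    std::vector<std::string> parts;
    std::istringstream in(urlPath);
    std::string seg;
    while (std::getline(in, seg, '/')) {
        if (seg.empty() || seg == ".")
            continue;                 // "//" and "/./" add nothing
        if (seg == "..") {
            if (parts.empty())
                return "";            // would climb above root: reject
            parts.pop_back();         // ".." that stays inside root
            continue;
        }
        parts.push_back(seg);
    }
    if (parts.empty())
        return "";                    // request names no file
    std::string out = root;
    for (const std::string &p : parts)
        out += "/" + p;
    return out;
}

int main()
{
    const std::string root = "/srv/recordings";   // constructed sample root
    const char *samples[] = {"/show.nuv", "/a/../show.nuv", "/../../etc/passwd"};
    for (const char *s : samples) {
        std::string r = resolveUnderRoot(root, s);
        std::cout << s << " -> " << (r.empty() ? "(rejected)" : r) << "\n";
    }
    return 0;
}
```

The check is lexical only: it does not follow symbolic links, so a link inside the served directory that points elsewhere needs a separate check on the resolved path.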