[mythtv] Attackers can read any file on host via MythTV

Jonathan T Wang jtwang at MIT.EDU
Sun Mar 20 06:39:41 UTC 2005


On Sun, 20 Mar 2005, Isaac Richards wrote:

> On Sunday 20 March 2005 01:17 am, Jonathan T Wang wrote:
> > Hi,
> >
> > I believe I've found a security hole in Myth - in
> > MainServer::LocalFilePath, MythTV does not check whether the QUrl passed
> > in by the client in MainServer::HandleAnnounce contains any instances
> > of "../"
> >
> > This means that an attacker could cause MythTV to send him any file on the
> > system readable by the mythtv user.
>
> Read the code again.

Ah, got it. Sorry about that.

Jonathan

