---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: XBMC HTTP Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA34539 VERIFY ADVISORY: http://secunia.com/advisories/34539/ DESCRIPTION: Some vulnerabilities have been discovered in XBMC, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within the "websHomePageHandler()" function in xbmc/lib/libGoAhead/WebServer.cpp can be exploited to cause a stack-based buffer overflow by sending a specially crafted HTTP request with an overly long path to the web server. 2) A boundary error within the "dll_open()" function in xbmc/cores/DllLoader/exports/emu_msvcrt.cpp can be exploited to cause a stack-based buffer overflow by calling certain XBMC HTTP-API functions (e.g. "GetTagFromFilename", "takescreenshot") with overly long filename parameters. 3) A format string error within within the XBMC HTTP-API function "queryvideodatabase" can be exploited to e.g. crash the application and potentially execute arbitrary code by calling the function with a query containing format string specifiers. Successful exploitation requires that the HTTP server is enabled. The vulnerabilities are confirmed in version 8.10. Other versions may also be affected. SOLUTION: Use a firewall to restrict access to the HTTP server. Set a password to the HTTP server and restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: n00b ORIGINAL ADVISORY: http://milw0rm.com/exploits/8337 http://milw0rm.com/exploits/8338 http://milw0rm.com/exploits/8339 http://milw0rm.com/exploits/8340 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------