Bug#693301: MediaTomb always bind to all interfaces regardless of configuration settings

Vladimir Volovich vladimir.volovich at gmail.com
Thu Nov 15 08:57:34 UTC 2012 

Package: mediatomb-common
Version: 0.12.1-4+b1
Severity: critical
File: /usr/bin/mediatomb
Tags: security

Attempt to force mediatomb to bind to a specific IP address (or interface) is
ignored. E.g. I've tried to change setting in /etc/default/mediatomb as
follows:
OPTIONS="-i 10.0.10.2"

and mediatomb is started with the "-i 10.0.10.2" option:

$ pgrep -a mediatomb
17000 /usr/bin/mediatomb -c /etc/mediatomb/config.xml -d -u mediatomb -g
mediatomb -P /var/run/mediatomb.pid -l /var/log/mediatomb.log -i 10.0.10.2

but it binds to all interfaces:

$ sudo netstat -anp | grep mediatomb
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN
17000/mediatomb
udp        0      0 0.0.0.0:1900            0.0.0.0:*
17000/mediatomb
udp        0      0 127.0.0.1:39862         0.0.0.0:*
17000/mediatomb

Apparently this has been reported upstream:

http://sourceforge.net/tracker/?func=detail&aid=3039645&group_id=129766&atid=715780

but this is not fixed. Could the debian team please fix this issue in the
debian package, since it is obviously a security issue?



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mediatomb-common depends on:
ii  libavformat53          7:0.10.3-dmo1
ii  libavutil51            7:1.0-dmo3
ii  libc6                  2.13-36
ii  libcurl3-gnutls        7.28.0-2
ii  libexif12              0.6.20-3
ii  libexpat1              2.1.0-1
ii  libffmpegthumbnailer4  2.0.7-2
ii  libgcc1                1:4.7.2-4
ii  libjs-prototype        1.7.0-2
ii  libmagic1              5.11-2
ii  libmozjs185-1.0        1.8.5-1.0.0+dfsg-4
ii  libmysqlclient18       5.5.28+dfsg-1
ii  libsqlite3-0           3.7.14.1-1
ii  libstdc++6             4.7.2-4
ii  libtag1c2a             1.8-dmo1
ii  zlib1g                 1:1.2.7.dfsg-13

mediatomb-common recommends no packages.

mediatomb-common suggests no packages.

-- no debconf information

More information about the pkg-multimedia-maintainers mailing list