Bug#778669: mediatomb allows anyone to browse and export the whole filesystem
Olivier Le Thanh Duong
olivier at lethanh.be
Wed Feb 18 08:41:48 UTC 2015
Package: mediatomb-daemon
Version: 0.12.1-4
Severity: grave
Tag: security
This is a regression of the bug that was fixed in #580120, but somehow the
patch applied got revert. Anyone can list and download all the file
accessible to the mediatomb user via the daemon web interface, which is
binded to 0.0.0.0
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580120
--
Olivier Lê Thanh Duong <olivier at lethanh.be>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20150218/f012cda6/attachment.html>
More information about the pkg-multimedia-maintainers
mailing list