XML external entity (XXE) vulnerability #243

Open
Sami32 opened this issue Sep 20, 2018 · 4 comments
Comments

Sami32 commented Sep 20, 2018

Media servers using the Cling library have recently been spotted as having a security issue:
https://www.exploit-db.com/exploits/45146/
https://www.exploit-db.com/exploits/45133/
https://www.exploit-db.com/exploits/45145/

The XML parser doesn't disable inline DTD parsing by default or does not provide a means to disable it AFAIK.

@christianbauer
Member

I don't use or maintain Cling anymore. For this issue I would be willing to merge a pull request with a tested fix and do a new minor release. One of the many commercial users of Cling should have the budget to do this. I would assume the fix has to be done in https://github.com/4thline/seamless in the classes SAXParser and DOMParser.

Related: 4thline/seamless#9

@Sami32
Author

Sami32 commented Sep 24, 2018

Thank you for answering and having informed us about this project's status +1
Let's hope that some commercial projects will care for their customers' security then.

I forgot to say that BubbleUPnP is probably the one exposing more users, with Plex.
https://www.facebook.com/MyCloudPlayer/posts/bubbleupnp-upnpdlnawhats-new-sharing-to-bubbleupnp-from-the-my-cloud-player-for-/623858287682093/

@Sami32
Author

Sami32 commented Sep 25, 2018

@christianbauer I just got an answer from the BubbleUPnP developer on their XDA forum saying that they will address this issue in their next update, so let's hope they will be open-source minded and push their fix into your Seamless project.

@Sami32
Author

Sami32 commented Nov 3, 2018

The security issue wasn't fixed:
UniversalMediaServer/UniversalMediaServer#1522 (comment)

So this issue should be re-opened.

@christianbauer christianbauer reopened this Nov 6, 2018
JasonMahdjoub added a commit to JasonMahdjoub/UPnPIGD_ARCHIVED that referenced this issue Mar 25, 2022
JasonMahdjoub added a commit to JasonMahdjoub/MaDKitLanEdition that referenced this issue Mar 25, 2022