SSD Advisory – Emby Media Server Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Emby Media Server.

Affected versions are: 3.1.5, 3.1.2, 3.1.1, 3.1.0 and 3.0.0.

Emby Media Server (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client server model. Two comparable media servers are Plex and Windows Media Center.

The vulnerabilities found in Emby Media Server are:

  • Directory Traversal
  • File Disclosure
  • SQL Injection

Credit
An independent security researcher Gjoko Krstic from Zero Science Lab has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
Emby has been notified in March 2017 about the vulnerability, shortly after they have released a new version that addresses this vulnerabilities. They however have not provided any version information or release notes that reflect this.

Continue reading SSD Advisory – Emby Media Server Multiple Vulnerabilities

SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE

Vulnerability Summary
The following advisory describe Information Disclosure found in Oracle Knowledge Management version 8.5.1.

By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge that was once hidden in the myriad systems, applications, and databases used to store enterprise content.

Oracle’s products for knowledge management help users find useful knowledge contained in corporate information stores.

Credit
An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Oracle has released patches to address this vulnerability, for more details see: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html.

Continue reading SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE

SSD Advisory – HiSilicon Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes 2 vulnerabilities found in HiSilicon application-specific integrated circuit (ASIC) chip set firmware.

HiSilicon provides ASICs and solutions for communication network and digital media. These ASICs are widely used in over 100 countries and regions around the world. In the digital media field, HiSilicon has already released the SoC and solution for network surveillance, videophone, DVB and IPTV.

The vulnerabilities found in HiSilicon ASIC firmware are:

  1. Buffer overflow in built-in webserver
  2. Directory path traversal built-in webserver

The list of vendors working with HiSilicon is unknown. We manage to identify 55 different vendors, all of them are still vulnerable.

Here is example of 10 vendors using the HiSilicon application-specific integrated circuit (ASIC) chip set in their products (the full list can be found in the end of this report):

  1. http://www.vacron.com/products_CCTV_dvr.html
  2. http://www.gess-inc.com/gess/dvrs/
  3. http://www.jufenginfo.com/en/product-list.php?cid=10&pid=166&parid=175
  4. http://egpis.co.kr/egpis/product.php?category=AHD&category2=AHD_D
  5. http://optimus-cctv.ru/catalog/ahd-videoregistratory
  6. http://www.clearcftv.com.br/linha.php?l=5&ln=ahd
  7. http://click-cam.com/html2/products.php?t=2
  8. http://www.ccd.dn.ua/ahd-videoregistratory.html
  9. http://www.dhssicurezza.com/tvcc-ahd/dvr-ahd-720p/
  10. http://www.gigasecurity.com.br/subcategoria-gravadores-de-video-dvr

Credit
An independent security researcher Istvan Toth has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We tried to communicate with the vendor through emails and twitter, over the course of several months, we were unable to get any response.

Continue reading SSD Advisory – HiSilicon Multiple Vulnerabilities

SSD Advisory – Tripwire IP360 Local File Inclusion

Vulnerabilities Summary
The following advisory describes a Local File Inclusion (LFI) vulnerability found in Tripwire IP360 version 7.2.6. Tripwire IP360 is a enterprise-class vulnerability and risk assessment, it’s provides visibility into the enterprise network, including all networked devices and their associated operating systems and application.

Credit
An independent security researcher Mohammed Shameem has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Tripwire has stated 7.2.6 which was vulnerable has reached end of life. No other version of Tripwire is affected by this LFI vulnerability. Tripwire customers still using version 7.2.6 should upgrade to version 7.5 or newer which is supported.

Continue reading SSD Advisory – Tripwire IP360 Local File Inclusion