Posts Tagged ‘DoS’

Barix Streaming Client Multiple Vulnerabilities

September 10, 2015

The Barix Streaming Client is a product that “can deliver high quality branded audio in real time via the internet or a local network to an unlimited number of locations and gives the option for localized and targeted ad insertion too, all via live streaming.”

It is managed through a web interface. By default the interface requires no authentication, and it does not appear to support user accounts at all, only a single password. Version B3.14 was tested and found to have the additional problems described below.

Unauthenticated access –

[screenshot: barix01]

You can manipulate streaming settings and change the audio the person hears –

[screenshot: barix02]

Under Configuration -> Advanced Settings, the ‘User Agent’ field is not sanitized. Saving the form sends a POST request to /setup.cgi that sets the ‘S517’ parameter; a value containing script is stored as-is and rendered unescaped on uifadvanced.html, giving stored cross-site scripting (CVE-2015-78000) –

[screenshot: barix03]

[screenshot: barix04-xss]

It also renders on /ixstatus.html –

[screenshot: barix06-rendered]
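To show the flaw in miniature, here is an added example (not code from the post or from the Barix firmware): a simulated settings store where the ‘S517’ value is written straight into the page, beside a version that escapes it on output. The parameter name and page names come from the post; the payload, the template text and the function names are constructed for illustration.

```python
"""Stored XSS through an unescaped configuration field: vulnerable
renderer beside a hardened one.  Added example; the setup.cgi and
uifadvanced.html behaviour is simulated, not the real device code."""
import html
import re

# Constructed payload: closes the value="..." attribute, then injects a tag.
PAYLOAD = '"><script>alert(document.domain)</script>'


def save_setting(store: dict, param: str, value: str) -> None:
    """Stands in for POST /setup.cgi: the raw value is stored verbatim.
    Storing raw is fine as long as every *output* is escaped for its context."""
    store[param] = value


def render_advanced_vulnerable(store: dict) -> str:
    """Stands in for uifadvanced.html as found: the stored value is
    concatenated into HTML, so markup in the value becomes live markup."""
    ua = store.get('S517', '')
    return '<input name="S517" value="' + ua + '"><p>User Agent: ' + ua + '</p>'


def render_advanced_hardened(store: dict) -> str:
    """Same page with output encoding: html.escape(quote=True) also escapes
    double quotes, so the attribute cannot be closed early."""
    ua = html.escape(store.get('S517', ''), quote=True)
    return '<input name="S517" value="' + ua + '"><p>User Agent: ' + ua + '</p>'


_SCRIPT_TAG = re.compile(r'<\s*script\b', re.IGNORECASE)


def contains_live_script(page: str) -> bool:
    """Crude comparison check: is there an unescaped <script> tag in the
    output?  The escaped form appears only as &lt;script, which will not match."""
    return bool(_SCRIPT_TAG.search(page))


if __name__ == '__main__':
    settings = {}
    save_setting(settings, 'S517', PAYLOAD)
    print('vulnerable page carries live script:',
          contains_live_script(render_advanced_vulnerable(settings)))
    print('hardened page carries live script:  ',
          contains_live_script(render_advanced_hardened(settings)))
```

The same stored value is rendered on more than one page (uifadvanced.html and /ixstatus.html), which is why escaping has to happen at every output point rather than once at input; the hardened renderer above is what each of those pages would need.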

The security settings page, which allows only a password to be set –

[screenshot: barix05-default]

You can also reboot the device manually, or script the request so that the device reboots continually, which amounts to a denial of service –

[screenshot: barix07-reboot-dos]


Multiple Linux TV Player Software Unauthenticated Remote DoS

October 10, 2013

There are several nearly identical software packages for remotely controlling a Linux-based smart TV / set-top box. Three of the popular ones do not require a password, so anyone who can reach the interface can change the programming, adjust the volume, and reboot the device. (Shodan search)

Open Webif / Open Source Web Interface for Linux Set-Top Box
Version: OWIF 0.1.5
[screenshot: openwebif-reboot]

Vu+ Solo
Enigma Version: Aug 22 2011-vuplus_experimental
Image Version: Experimental 2011-08-22
[screenshot: vusolo-reboot]

Dreambox Webcontrol
Enigma Version: 2012-11-03-3.2
Image Version: Release 3.2.3 2012-07-07
[screenshot: dreambox-reboot]

udpxy Unauthenticated Reboot DoS / Info Disclosure

September 11, 2013

udpxy is a “small-footprint UNIX/Linux daemon to relay multicast UDP traffic to client’s TCP (HTTP) connection.”

Shodan search: http://www.shodanhq.com/search?q=udpxy

http://target/status

Requesting this page returns statistics about the network traffic passing through the relay. The same page also exposes a restart control that works without authentication, so a simple shell script can keep restarting the service indefinitely.

[screenshot: udpxy]
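All three posts on this page (the Barix reboot, the set-top box web interfaces and udpxy) come down to the same thing: a reboot or restart control reachable without a password, which a loop turns into a denial of service. As an added example that is not code from any of these products, here is a small detector that reads web-server access logs and flags a client that hits such a control repeatedly inside a sliding window. The log lines are constructed, and the endpoint names in REBOOT_PATHS (restart, reboot, powerstate) are assumptions to be replaced with the paths your own devices actually expose.

```python
"""Flag reboot-loop DoS attempts against an unauthenticated management
interface by counting hits on restart-style paths per client in a
sliding time window.  Added example; log format is Common Log Format."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed control paths worth alerting on; adjust per product.
REBOOT_PATHS = re.compile(r'/(reboot|restart|powerstate)\b', re.IGNORECASE)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample: one client hammers the restart control every few
# seconds, another client views status and restarts once, half an hour later.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Sep/2013:10:00:01 +0000] "GET /status HTTP/1.1" 200 1342
203.0.113.7 - - [11/Sep/2013:10:00:02 +0000] "GET /restart HTTP/1.1" 200 51
203.0.113.7 - - [11/Sep/2013:10:00:07 +0000] "GET /restart HTTP/1.1" 200 51
203.0.113.7 - - [11/Sep/2013:10:00:12 +0000] "GET /restart HTTP/1.1" 200 51
198.51.100.4 - - [11/Sep/2013:10:00:13 +0000] "GET /status HTTP/1.1" 200 1342
203.0.113.7 - - [11/Sep/2013:10:00:17 +0000] "GET /restart HTTP/1.1" 200 51
198.51.100.4 - - [11/Sep/2013:10:30:00 +0000] "GET /restart HTTP/1.1" 200 51
"""


def parse_line(line):
    """Return (ip, timestamp, path) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return m.group('ip'), ts, m.group('path')


def find_reboot_floods(log_text, window_seconds=60, threshold=3):
    """Return {ip: peak_count} for clients that requested a reboot/restart
    path at least `threshold` times within any `window_seconds` window.
    Lines are assumed to be in time order; one deque per client holds the
    timestamps still inside the window."""
    recent = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        if not REBOOT_PATHS.search(path):
            continue
        hits = recent[ip]
        hits.append(ts)
        # Evict hits that have fallen out of the window (the newest hit
        # is always kept, so the deque is never empty here).
        while (ts - hits[0]).total_seconds() > window_seconds:
            hits.popleft()
        if len(hits) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(hits))
    return flagged


if __name__ == '__main__':
    for ip, count in find_reboot_floods(SAMPLE_LOG).items():
        print(f'{ip}: {count} restart requests within 60s')
```

The single restart from 198.51.100.4 is not reported: one reboot is normal administration, a burst is not. Because the interfaces in these posts log no username, the source address is the only pivot available, which is itself a reason to put them behind authentication or a network filter rather than rely on detection alone.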

Whoever created the Shodan search also included this information: http://imgur.com/4vZU7GR