Latest Subtitle VNC hack - Printable Version

Latest Subtitle VNC hack - Printable Version

+- Kodi Community Forum (https://forum.kodi.tv)
+-- Forum: Support (https://forum.kodi.tv/forumdisplay.php?fid=33)
+--- Forum: Add-on Support (https://forum.kodi.tv/forumdisplay.php?fid=27)
+---- Forum: Subtitle Add-ons (https://forum.kodi.tv/forumdisplay.php?fid=143)
+---- Thread: Latest Subtitle VNC hack (/showthread.php?tid=314900)

Pages: 1 2

Secirity Risk - Kodi Open Subtitles Addon Remote Code Execution - garage100 - 2017-05-23

Hi
Did you fixed the security risk of remote control pc by downloadig subtitel via kodi?
Checkpoint report:
https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-0364.html

Thanks
Yoav

RE: Secirity Risk - Kodi Open Subtitles Addon Remote Code Execution - Shogunreaper - 2017-05-23

how to find out if you were hit by it?

RE: Secirity Risk - Kodi Open Subtitles Addon Remote Code Execution - BatterPudding - 2017-05-23

I also came in to try and make sense of this. I read the news on The Register.
https://www.theregister.co.uk/2017/05/23/malware_in_subtitles_return/

Little video on there shows how it works in both VLC and KODI

In the comments ( https://forums.theregister.co.uk/forum/1/2017/05/23/malware_in_subtitles_return/ ) someone pointed out the issue is caused by the subtitles being downloaded in a zip file. When the zip file is unpacked there is no check on a directory traversal. So a file can be unpacked as ../blah putting it in the directory above. I assume this then is how they drop their payload they want to run.

So... for now, manually download your subs and check the zip file. Inside the zip should just be text files you can check in Notepad.

I don't know if this is a bug in the subtitles addon, or in the zip file unpacker. Or a bit of both.

RE: Secirity Risk - Kodi Open Subtitles Addon Remote Code Execution - ronie - 2017-05-23

we fixed the issue recently: https://github.com/xbmc/xbmc/pull/12024
it's included in the upcoming kodi v17.2 release

RE: Secirity Risk - Kodi Open Subtitles Addon Remote Code Execution - ronie - 2017-05-23

and there it is: kodi-v172-minor-bug-fix-and-security-release

RE: Secirity Risk - Kodi Open Subtitles Addon Remote Code Execution - ymca - 2017-05-24

Cool, thank you all.

Latest Subtitle VNC hack - nassausky - 2017-05-24

Anybody see this article? According to this article https://www.helpnetsecurity.com/2017/05/23/subtitle-hack/
there is an updated fixed version of Kodi that prevents remote control access to your Kodi box. Is it posted yet on this website? How can I tell if I have a patched version?

Thanks for the info.

RE: Latest Subtitle VNC hack - Karellen - 2017-05-24

@nassausky

Please read here.... https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release

RE: Latest Subtitle VNC hack - Karellen - 2017-05-24

Moved to subtitle forum and merged into existing thread on same topic.

RE: Latest Subtitle VNC hack - skylarking - 2017-05-24

Came here after fumbling my way around the forums a bit and glad to see this subtitle vulnerability is fixed in 17.2 Nod

So great work seeing this fix so quickly Big Grin

I first looked under "Kodi related discussions" thinking it was a logical place to start my search and quickly found the closed thread Booby trapped subtitles.
However Martijn's answer within Booby trapped subtitles points to a dead link.
Same here.
I guess this is a result of the merge and move of this thread Blush

To help others find this thread more easily, maybe a moderator (or Martijn himself if he has required privileges) can please fix the above links to point to this thread Tongue

RE: Latest Subtitle VNC hack - Karellen - 2017-05-24

@skylarking.

Thanks for the heads up. Fixed.

RE: Latest Subtitle VNC hack - skylarking - 2017-05-24

Your welcome Big Grin

Please note i just edited my post to include another dead link that needs updating, specifically this one.

RE: Latest Subtitle VNC hack - Karellen - 2017-05-24

Thanks. That'll teach me to clean things up... I didn't want 20 different threads floating around the forum about the same thing so decided to start merging. Missed a couple!!

RE: Latest Subtitle VNC hack - skylarking - 2017-05-24

Rofl

Nothing wrong with a single post threads under various forums with one answer pointing to a main thread in an appropriate forum to discussing the issue in depth.
After all it makes it easier for people to find 'the one and only thread' that contains that main discussion.

Your achieved just that and 2/20 isn't too bad a hit rate Tongue

Thanks for your efforts Nod

RE: Latest Subtitle VNC hack - ashlar - 2017-05-24

Hi! I just wanted to say that I think having security fixes only for the latest release might not be the best course of action.

I understand not updating old releases with new features, totally. But not having security fixes risks leaving many, many people exposed for a variety of reasons.

I hope this decision can be changed. Thanks.

PS: I don't know how "easy" fix's implementation would be for previous releases.