2012-10-31, 21:41
Got several high risk security issues in XBMC, would like to come in contact with a main developer or someone in charge of XBMC security.
Thanks
Best Regards
Lucas
(2012-10-31, 21:58) Martijn Wrote: just post what you found so they can look at it
(2012-10-31, 22:01) davilla Wrote: any xbmc user that has xbmc directly exposed on the net is a fool
(2012-10-31, 22:14) theuni Wrote: Any vulnerability will be fixed with a public commit.
We are nearing the beta stage for Frodo, so likely anything (major) you disclose now will be addressed before public release.
If they date back to Eden and are serious enough to warrant a point-release, that would be worth knowing ahead of time. But as davilla said, it would not be wise to expose xbmc publicly, so I'm not sure what "serious enough" would be.
Quote: Thanks for bearing with me.
(2012-11-04, 13:56) Tolriq Wrote: This was known for a very very long time
And is corrected in the last Frodo nightly with added security on the vfs handler.
When I first reported this, the official answer was: don't put your Xbmc on the Internet, it's not secure
Check: http://forum.xbmc.org/showthread.php?tid=81173
(2012-11-04, 15:45) amet Wrote: But then there would be no official document and no drama
(2012-11-04, 15:21) Montellese Wrote: Should be fixed with https://github.com/xbmc/xbmc/commit/bdff...ab52a65335. See how easy it is if you just post your findings here?
PS: You mentioned "several high security risks" in your initial post. Was this the only one or are there others you don't (want to?) share with us?