We released two new security advisories today, regarding the podcast-catching clients prodder and perlpodder.
Both are vulnerable to remote arbitrary command execution by a malicious server, which can append commands to the URLs of the multimedia files it offers.
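The bug class behind both advisories is the same: an enclosure URL taken from an untrusted feed ends up inside a shell command line, so anything the server appends to the URL is parsed by the shell. The following is an added example (not code from prodder, perlpodder or the advisories) that contrasts the vulnerable pattern with two fixes a client author would apply: passing the URL as a single argv element so no shell is involved, and validating the URL before it is used at all. The sample URLs, the `wget` invocation and the allowlist are constructed for illustration; the vulnerable command string is only built, never executed.

```python
"""Podcast enclosure URL handling: vulnerable vs. hardened (example code)."""
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample enclosure URLs, as a feed might deliver them.
BENIGN_URL = "http://podcast.example/episodes/ep1.mp3"
HOSTILE_URL = "http://podcast.example/ep1.mp3; echo injected"

# Conservative allowlist for an enclosure URL. Shell metacharacters
# (; | & $ ` ' " ( ) < > and whitespace) have no business in a media URL,
# so they are rejected outright. '&' is tolerated for query strings.
_ALLOWED = re.compile(r"^[A-Za-z0-9._~:/?#@=%+,&-]+$")
_MAX_LEN = 2048


def validate_enclosure_url(url):
    """Return the URL unchanged if it looks like a plain http(s) media URL.

    Raises ValueError otherwise. This is defence in depth; the real fix is
    never handing the string to a shell (see hardened_argv below).
    """
    if not isinstance(url, str) or len(url) > _MAX_LEN:
        raise ValueError("enclosure URL missing or too long")
    if not _ALLOWED.match(url):
        raise ValueError("enclosure URL contains disallowed characters")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("enclosure URL must use http or https")
    if not parts.hostname:
        raise ValueError("enclosure URL has no host")
    return url


def is_safe(url):
    """Boolean wrapper around validate_enclosure_url for feed filtering."""
    try:
        validate_enclosure_url(url)
    except ValueError:
        return False
    return True


def vulnerable_command(url):
    """VULNERABLE pattern: interpolate the URL into a shell command line.

    If this string were given to system()/backticks, everything after the
    URL would be interpreted by /bin/sh. Returned for inspection only.
    """
    return "wget -q -O episode.mp3 " + url


def hardened_argv(url):
    """Hardened pattern: validate, then pass the URL as one argv element.

    Run with subprocess.run(argv) (no shell=True); the URL reaches wget
    verbatim and the shell never sees it.
    """
    validate_enclosure_url(url)
    return ["wget", "-q", "-O", "episode.mp3", url]


def shell_quoted_command(url):
    """If a shell really is unavoidable, quote the argument.

    shlex.quote wraps anything containing metacharacters in single quotes,
    so the appended text stays part of the URL argument.
    """
    return "wget -q -O episode.mp3 " + shlex.quote(url)


if __name__ == "__main__":
    for u in (BENIGN_URL, HOSTILE_URL):
        print("feed URL:      ", u)
        print("  vulnerable:  ", vulnerable_command(u))
        print("  quoted:      ", shell_quoted_command(u))
        print("  passes check:", is_safe(u))
```

Checking `is_safe()` when the feed is parsed, rather than at download time, also gives the client a natural place to log and skip hostile entries instead of silently dropping them.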
Interestingly, security advisories regarding podcast clients or servers are very rare, although everyone and his dog is podcasting at the moment. Either all these programs are very secure, or nobody is taking a closer look at the software. Guess which we think is the case…
The advisories can be found at
- rt-sa-2006-002: Prodder Remote Arbitrary Command Execution
- rt-sa-2006-003: Perlpodder Remote Arbitrary Command Execution
Heise already has a news item about it.
Oh, and by the way: if you want to tell SecuriTeam about your new advisories and want to use their GPG key, it has been expired since 2004-07-22. Not that it matters for the notification about a public advisory, but a group working in the security field should be able to keep their keys up to date, one would think…