XMMS Remote input validation error

ID VU:583020
Type cert
Reporter CERT
Modified 2003-05-15T00:00:00



There is an input validation error in the stand-alone SOAP server XMMS Remote which allows unauthorized remote command execution.


XMMS Remote is a stand-alone XML/SOAP HTTP server implemented in PERL created by X2 Studios. It is used to monitor a running xmms media player client, typically on Mac OS X systems, but it appears to be easily ported to multiple platforms. (xmms, the X Multimedia System, is an audio player for X) The PERL module XMMS.pm contains an input validation error which allows arbitrary commands received from a network port (8086/tcp by default) to be executed in the command shell running the service.


In XMMS.pm, calls to the PERL function _system()_were passed in unfiltered:

sub do {
$do_call = "xmms -" . shift;
system $do_call;
return $do_call;

To mitigate this vulnerability, a regular expression was added to limit $command to one single character of input before being passed to system():

sub do {
$command = shift;
$command =~ /([\w])/;
$command = $1;
$do_call = "xmms -" . $command;
system $do_call;
return $do_call;


Unauthorized remote command execution with the privileges of the XMMS Remote service (note: not typically a privileged account).


Update to a non-vulnerable version of XMMS.pm (created after May 07, 2003 - 1:40PM PST):



Block external access to the XML/SOAP service being offered by XMMS Remote, port 8086/tcp by default.

Systems Affected

Vendor| Status| Date Notified| Date Updated
X2 Studios| | -| 14 May 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A



Credit to Chris Dolan for reporting this vulnerability to X2 Studios.

This document was written by Jeffrey S. Havrilla

Other Information

  • CVE IDs: Unknown
  • Date Public: 07 May 2003
  • Date First Published: 14 May 2003
  • Date Last Updated: 15 May 2003
  • Severity Metric: 1.62
  • Document Revision: 11