OpenElec 6.0.3 / 7.0.1 Code Execution Vulnerability

Exploit for linux platform in category local exploits During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec. == OVERVIEW == System affected: OpenElec CVE: CVE-2017-6445 Vulnerable component: auto-update feature Software-Version: 6.0.3, 7.0.1...

OpenElec 6.0.3 / 7.0.1 Code Execution

During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec. == OVERVIEW == System affected: OpenElec CVE: CVE-2017-6445 Vulnerable component: auto-update feature Software-Version: 6.0.3, 7.0.1 User-Interaction: Reboot required Impact: Remote Code...

CVE-2017-6445

The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...

CVE-2017-6445

OpenELEC has a CVE-2017-6445 issue affecting the auto-update feature in OpenELEC 6.0.3, 7.0.1, and 8.0.4. The update process uses neither encrypted connections nor signed updates, enabling a man-in-the-middle attacker to tamper with update packages and gain root access remotely. The description a...