


Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing

The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:

- Access arbitrary files from the filesystem with the same permission as the user account running Plex.
- Initiate SMB connections to capture NetNTLM challenge/response and crack to clear-text password.
- Initiate SMB connections to relay NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.

Exploitation can be demonstrated using evil-ssdp.

Disclosed to Plex security team, pending resolution.

Affected component: Plex Media Server's SSDP discovery / parsing with libxml2
Impact: Information disclosure up to code execution

I had PlexMediaServer (PMS from here on) installed on my Ubuntu machine.

Recently I switched from sshfs to NFS for my network shares. PMS managed to stream perfectly from my network shares when I was on sshfs, but it stopped working as I enabled and used NFS. (Mind you, library updates still happened successfully.)

I thought it was a PMS issue, so I thought let's remove it completely and reinstall again. So I removed PMS and removed the /var/lib/plexmediaserver folder.

Now I installed PMS again but it won't run.

I noticed it is unable to create the /usr/lib/plexmediaserver folder as it doesn't exist.

Also I can see that I cannot stop the PMS server, and every time I run it, it runs with a diff pid:

sudo service plexmediaserver stop
Stop: Unknown
sudo service plexmediaserver start
Plexmediaserver start/running, process
sudo service plexmediaserver start
Start: Job is already running:
sudo service plexmediaserver start
Start: Job is already running:

running Ubuntu 64 bit 12.
