diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-02-24 20:04:51 +0100 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-03-06 10:09:09 +0530 |
| commit | 24abd61c54b06df372fc8b825751fe17ce3a9410 (patch) | |
| tree | 726c6172260cedf8c1fa70d8d8559f2318b5475c | |
| parent | 4660316de237b8d0c0f28ea4ce277782900f4002 (diff) | |
| download | meta-openembedded-24abd61c54b06df372fc8b825751fe17ce3a9410.tar.gz | |
minidlna: ignore CVE-2024-51442
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-51442
The description of the vulnerability says "attacker [...] execute arbitrary
OS commands via a specially crafted minidlna.conf configuration file".
There is no official fix for this CVE, and upstream seems to be inactive
for the past 3 years.
The reason for ignoring this CVE is that the referenced minidlna.conf
file is in the /etc folder, and the file is not world-writable. Which
means that this vulnerability can be exploited only when someone is
root - but if the attacker is already root, they don't need to resort
to minidlna config-file modifications to execute any command they want.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
| -rw-r--r-- | meta-multimedia/recipes-multimedia/minidlna/minidlna.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc b/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc index cb2a1865e8..0dd297098c 100644 --- a/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc +++ b/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc | |||
| @@ -43,3 +43,4 @@ SYSTEMD_SERVICE:${PN} = "minidlna.service" | |||
| 43 | INITSCRIPT_NAME = "minidlna" | 43 | INITSCRIPT_NAME = "minidlna" |
| 44 | INITSCRIPT_PARAMS = "defaults 90" | 44 | INITSCRIPT_PARAMS = "defaults 90" |
| 45 | 45 | ||
| 46 | CVE_STATUS[CVE-2024-51442] = "not-applicable-config: vulnerability requires root access" | ||