VYPR
Unrated severity · NVD Advisory · Published Nov 1, 2019 · Updated Aug 6, 2024

CVE-2013-2738

Description

MiniDLNA 1.1.2 and earlier contain a SQL injection vulnerability allowing an unauthenticated attacker to retrieve arbitrary files on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

MiniDLNA versions up to and including 1.1.2+dfsg are vulnerable to SQL injection. The flaw lies in how user-supplied input is built into SQL queries, and it can be triggered through crafted requests to the MiniDLNA media server. The official description and Debian security tracker indicate that this allows the retrieval of arbitrary files [1].

Exploitation

An attacker can exploit this SQL injection without authentication by sending specially crafted HTTP requests to the MiniDLNA server. The attacker needs no special network position, only network access to the server. By injecting SQL commands into vulnerable parameters, the attacker can manipulate the underlying database queries. The specific vector is detailed in the source references [1].

Impact

Successful exploitation allows an attacker to read arbitrary files from the server's filesystem through the SQL injection. This leads to a loss of confidentiality as sensitive files can be disclosed. The attacker gains the ability to retrieve any file accessible by the MiniDLNA process, potentially including configuration files, credentials, or other data.

Mitigation

Fixed versions are available: 1.1.2+dfsg-1 for unstable and later versions across Debian releases [1]. For older releases like Wheezy, the issue is considered minor and no security update was issued, as DLNA is only used in a trusted context [1]. Users should upgrade to at least version 1.1.2+dfsg-1 or later. If upgrading is not possible, restricting network access to the MiniDLNA server to trusted hosts is recommended.

References
  1. CVE-2013-2738

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
