CVE-2022-28381
Description
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow, triggered by a long string sent to TCP port 888, that enables remote code execution.
Vulnerability
ALLMediaServer version 1.6 contains a stack-based buffer overflow vulnerability in Mediaserver.exe. The flaw is triggered when a long string is sent to TCP port 888, overwriting the stack buffer. This issue is related to CVE-2017-17932. The software listens on port 888 by default and does not require authentication [1][2].
Exploitation
An unauthenticated attacker with network access to the affected service can send a specially crafted long string over TCP to port 888. No user interaction or special privileges are needed. The overflow occurs when Mediaserver.exe copies the received data into a fixed-size stack buffer without proper bounds checking, allowing the attacker to control the return address and subsequently execute arbitrary code [1][2].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the target system in the context of the Mediaserver.exe process. This can lead to complete compromise of the affected system, including data theft, service disruption, and further lateral movement within the network [1][2].
Mitigation
According to the available references, no official patch or updated version of ALLMediaServer has been released to fix this vulnerability. Users should restrict network access to port 888 with a firewall, or disable the service entirely if it is not required. The software may be end-of-life (EOL); migrating to an alternative, supported media server is recommended [1][2].
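One way to apply the firewall restriction on a Windows host, shown as an added example that is not part of the original record or any vendor guidance. It assumes the default TCP port 888 and the image name Mediaserver.exe given above; the rule display name is a hypothetical label.

```powershell
# Added example: audit and block exposure of TCP 888. Run in an elevated PowerShell session.
$port = 888   # default ALLMediaServer port per the description (assumption: not reconfigured)

# 1. Is anything listening on the port, and which process owns the socket?
$listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress   # 0.0.0.0 or :: means reachable on every interface
        LocalPort    = $l.LocalPort
        ProcessId    = $l.OwningProcess
        ProcessName  = $proc.ProcessName
        Path         = $proc.Path
    }
}

# 2. Enabled inbound allow rules that could expose the service, matched by port or by program.
$byPort = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    ForEach-Object { $_ | Get-NetFirewallRule }
$byApp = Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -like '*\Mediaserver.exe' } |
    ForEach-Object { $_ | Get-NetFirewallRule }
@($byPort) + @($byApp) |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Select-Object DisplayName, Profile, Action -Unique

# 3. Block inbound TCP 888 on all profiles. In Windows Defender Firewall a block rule
#    takes precedence over the allow rules listed in step 2.
$name = 'Block ALLMediaServer TCP 888 (CVE-2022-28381)'   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
        -LocalPort $port -Action Block -Profile Any | Out-Null
}

# 4. Confirm the rule is present and enabled.
Get-NetFirewallRule -DisplayName $name |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```

If the service is not needed at all, stopping it and removing the allow rules reported in step 2 removes the exposure without relying on rule precedence.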
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ALLMediaServer/ALLMediaServer
- Range: <=1.6
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/166573/ALLMediaServer-1.6-Buffer-Overflow.html (mitre, x_refsource_MISC)