Ubuntu Security Notice 4722-1 – It was discovered that ReadyMedia allowed subscription requests with a delivery URL on a different network segment than the fully qualified event-subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. It was discovered that ReadyMedia allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service.

Leave a comment