|
|
01-08-2006, 01:03 AM
|
|||
|
|||
|
What is port TCP 8135 used for?
Did a scan on it and got this back, which looks pretty bad.
I *think* I read somewhere that it is related to BTV, but wanted to make sure. Thanks - J ========================= The remote web server is vulnerable to a path traversal vulnerability. An attacker may exploit this flaw to read arbitrary files on the remote system with the privileges of the http process. Requesting the file c:\boot.ini returns : [boot loader] timeout=30
__________________
AMD Athlon X2 4400+, PVR 250, ATI HDWonder, 3 gig ram, Nvidia 6600 out to TV, Eventghost (replacing firefly), BTV 4.8.1 
|
|
01-08-2006, 01:15 AM
|
|||
|
|||
|
Re: What is port TCP 8135 used for?
Here are the ports that BTV uses.
8129: Beyond TV uses this port for access to the Web Admin interface. 1755: Beyond TV uses this port to stream recorded content through Web Admin. 8080: Beyond TV uses this port to stream live TV through Web Admin. 8135: Beyond TV uses this port to download shows through Web Admin. If you use a router, then you'll need to configure it to forward to those ports.
__________________
Server - Windows XP Pro, Beyond TV v4.9.1 w/DVD Plugin, Beyond Media v1.1.2, Firefly Remote, AMD Athlon X2 5000, 2GB PC6400 RAM, 1 TB RAID 0 (2x500GB Seagate), Geforce 8500GT, Antec Case, WinTV PVR250, PVR150, PVR-USB2, WinTV-HVR-950, WinTV-HVR-2250, USB-UIRT Blaster, 55' Sony HDTV Link Machine - Windows XP Home, Beyond TV Link v4.9.1, 2.8 Ghz Gateway Laptop, 1GB PC2700 RAM, 60 GB HD, 10/100 ethernet, 802.11G Wifi Bedroom TV - MediaMVP w/ BTV 4.X skin from sourceforge.net. Last edited by Cross673; 01-08-2006 at 01:17 AM.
|
|
01-08-2006, 01:17 AM
|
|||
|
|||
|
Re: What is port TCP 8135 used for?
I don't recommend opening port 8135 to the Internet because of the vulnerabilties mentioned on my original post.
I hope the developers are reading this post. - J
__________________
AMD Athlon X2 4400+, PVR 250, ATI HDWonder, 3 gig ram, Nvidia 6600 out to TV, Eventghost (replacing firefly), BTV 4.8.1
|
|
01-08-2006, 02:45 AM
|
|||
|
|||
|
Re: What is port TCP 8135 used for?
You can password protect your BTV Web Admin. Therefore the security risk should be greatly reduced.
__________________
Server - Windows XP Pro, Beyond TV v4.9.1 w/DVD Plugin, Beyond Media v1.1.2, Firefly Remote, AMD Athlon X2 5000, 2GB PC6400 RAM, 1 TB RAID 0 (2x500GB Seagate), Geforce 8500GT, Antec Case, WinTV PVR250, PVR150, PVR-USB2, WinTV-HVR-950, WinTV-HVR-2250, USB-UIRT Blaster, 55' Sony HDTV Link Machine - Windows XP Home, Beyond TV Link v4.9.1, 2.8 Ghz Gateway Laptop, 1GB PC2700 RAM, 60 GB HD, 10/100 ethernet, 802.11G Wifi Bedroom TV - MediaMVP w/ BTV 4.X skin from sourceforge.net.
|
|
01-08-2006, 02:47 AM
|
|||
|
|||
|
Re: What is port TCP 8135 used for?
I don't think you understand. The web server is vulnerable regardless of password protection or not.
- j
__________________
AMD Athlon X2 4400+, PVR 250, ATI HDWonder, 3 gig ram, Nvidia 6600 out to TV, Eventghost (replacing firefly), BTV 4.8.1
|
|
01-08-2006, 09:17 AM
|
||||
|
||||
|
Re: What is port TCP 8135 used for?
I think your mistaking an IIS/windows type server vulnerability. Someone who is trying to hack in through an open BTV port is not going to get very far.
Can you please elaborate on where/what source you got this information from that claims of this vulnerability? Something is fishy.
__________________
HomeyFour Core 2 Duo E7400 2.8 | 2048MB | Drive Pool: 120GB SATA 500GB SATA | HD HomeRun| PVR-150 x2 | PVR-500 | HD-PVR | Intel G41 DVI->HDMI | Antec Fusion | Samsung 46" DLP | BM | BTV Beta Link 1: Core 2 Duo E6300 | 2048MB | GeForce 6200LE | PureVideo | BM Link 2: Atom 330 | 2048MB | Nvidia ION | PureVideo | BM
|
|
01-08-2006, 11:38 AM
|
|||
|
|||
|
Re: What is port TCP 8135 used for?
I ran nessus against it.
Nessus could be wrong, but I rather not take my chances and expose this port to the Internet until someone from SS looks into it. I will see if I can come up w/ an example URL that exploits this. Thanks - J ---------------- Here is what the scanner reports shows.. The remote web server is vulnerable to a path traversal vulnerability. An attacker may exploit this flaw to read arbitrary files on the remote system with the privileges of the http process. Requesting the file c:\boot.ini returns : [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect /NoExecute=OptIn Solution : upgrade your web server or change it. Risk factor : High CVE : CVE-2004-2628 BID : 10862 Other references : OSVDB:8372 ------------------ I looked at the plugin code and could not easily find out how the URL was crafted that allowed it to pull the system file c:\boot.ini Thanks - J
__________________
AMD Athlon X2 4400+, PVR 250, ATI HDWonder, 3 gig ram, Nvidia 6600 out to TV, Eventghost (replacing firefly), BTV 4.8.1 Last edited by jip; 01-08-2006 at 12:01 PM.
|
 |
| Thread Tools | |
| Display Modes | Rate This Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Must use same USB port? | hcjake | Beyond TV and Beyond TV Link User-to-User Troubleshooting & Support Forum | 5 | 02-27-2007 11:03 PM |
| Show Downloads on port 8135 are SLOW | ricflair | Beyond TV and Beyond TV Link User-to-User Troubleshooting & Support Forum | 0 | 09-15-2006 04:22 PM |
| COM Port help | mpyles | Beyond TV and Beyond TV Link | 1 | 11-13-2004 03:04 PM |
| TCP Port 8135? | gwhitw01 | Beyond TV and Beyond TV Link User-to-User Troubleshooting & Support Forum | 2 | 10-11-2004 01:10 PM |
| Which COM Port Does Beyond TV Use? | jaykchan | Beyond TV and Beyond TV Link User-to-User Troubleshooting & Support Forum | 6 | 06-01-2004 10:24 PM |
Linear Mode
