Kodi Local File Inclusion Vulnerability


I’ve scanned my RPi for vulnerabilities and found out it has the CVE-2017-5982 vulnerability…
You can try it out:


osmc@osmc:~$ grep Kodi .kodi/temp/kodi.log | head -3
16:38:52.909 T:1925374544 NOTICE: Starting Kodi (17.6). Platform: Linux ARM (Thumb) 32-bit
16:38:52.909 T:1925374544 NOTICE: Using Release Kodi x32 build (version for Raspberry Pi)
16:38:52.909 T:1925374544 NOTICE: Kodi compiled Dec 31 2018 by GCC 6.3.0 for Linux ARM (Thumb) 32-bit version 4.9.30 (264478)

That’s pretty interesting

Indeed — there is no resolution for this in Kodi v17.

You may wish to disable the web server


The webserver in Kodi has been plagued by issues for a long time. If you don’t need it, disable it or make it only respond on your LAN via iptables.

iptables -A INPUT -p tcp --dport 80 -s -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
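
Added example, not part of the thread or of any poster's reply: the rules as they appear above have no address after -s, so this sketch validates a port and a list of source ranges and prints the complete rule set without applying it. The function names and the sample addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Dry run: print iptables rules that limit one TCP port to the listed sources.
# Nothing is applied; review the output, then run it as root if it is right.

# is_cidr ADDR: succeed if ADDR is IPv4 in the form a.b.c.d or a.b.c.d/len.
is_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%/*}
    len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# lan_only_rules PORT SOURCE...: one ACCEPT per source, then the DROP.
# -A appends to the chain, so every ACCEPT has to come before the DROP.
lan_only_rules() {
    port=$1
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    shift
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
        { echo "bad port: $port" >&2; return 1; }
    [ $# -ge 1 ] || { echo "need at least one source" >&2; return 1; }
    # Validate every source first so the output is never a partial rule set.
    for src in "$@"; do
        is_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $src -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Constructed sample: loopback plus one private range, port 80 as in the thread.
lan_only_rules 80 127.0.0.1 192.168.1.0/24
```

These rules cover IPv4 only and are lost on reboot unless saved; a web server that also listens on IPv6 needs matching ip6tables rules.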