
BrightSign mDNS Vulnerability

Hello,
Has anyone else seen an mDNS Vulnerability when doing an unauthenticated scan against any of the media players?

This was scanned using Nessus Pro.

I understand the box itself is a flavour of Linux but has no terminal access.

I have tried the NetBIOS settings on the BrightAuthor client but it doesn't change anything on the device.

Any help is appreciated.

Info on mDNS: The remote service understands the Bonjour (also known as ZeroConf or mDNS) protocol, which allows anyone to uncover information from the remote host such as its operating system type.

Impact

An mDNS response to a unicast query originating outside of the local link network may result in information disclosure, such as disclosing the device type/model that responds to the request or the operating system running such software. The mDNS response may also be used to amplify denial of service attacks against other networks.

Solution

Block inbound and outbound mDNS on the WAN
If such mDNS behavior is not a requirement for your organization, consider blocking the mDNS UDP port 5353 from entering or leaving your local link network.

Disable mDNS services
Some software and devices may allow disabling of the mDNS services. Please consult with the vendor of your product.

5 comments

  • 0
    Lyndon

    Are you using BrightAuthor? It is possible, via script, to disable mDNS on the player. Which BA version are you using?

  • 0
    David Richardson

    Yeah - we are using BA 4.6.0.8

  • 0
    Lyndon

    So there are two things to do.

    1. Disable mDNS with a script.

    2. Disable a few lines in the autorun that's published with your BrightAuthor. The autoxml.brs file is in the Program Files folder, under BrightSign, BrightAuthor, Templates.

    Search for advert, and put a single quote before each of these 5 lines, starting with the line starting service = and ending with the line starting end if.

    The script to disable mDNS is here:

    https://www.brightsignnetwork.com/download/Scripts/mdns_autorun.brs

    Just rename it to autorun.brs, and power up the player with it.

  • 0
    Dan Schell

    The networking group at my facility has picked up the same concern on recent network scans and plans to automatically disconnect the players from the local network in a few days if the service is not disabled. This brings up a few questions: 1) If I disable the mDNS service on the players, will it affect the capability to publish projects to the Local Network or manage players within BrightAuthor? 2) Does the procedure above apply to BrightAuthor 4.3.0.11 with player firmware 5.1.40/5.1.65?

  • 0
    Lyndon

    No, you can still do local network publishing. What won't work is automatic discovery of players on the network. So, if the players automatically showed up after LFN setup, you'll need to add each player by its IP address to BrightAuthor once you make the change.

    Keep in mind there are two changes. Disabling via script.

    Then, you must modify the autoxml.brs file that's under Program Files, BrightSign, BrightAuthor, Templates, autoxml.brs. That file, autoxml.brs, is what's called autorun.brs when it's published to the SD card. In that file is where the bsp.advert and related lines need to be disabled. If you don't disable that, then the unit will crash on those lines when it tries to use mDNS and it's not present.
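An added check for the fix described in this thread (my own example, not code from the thread or from BrightSign): after both changes, a player should no longer answer a unicast DNS-SD query on UDP 5353, which is the behaviour the Nessus plugin detects. It assumes Python 3, the standard DNS-SD service-enumeration name as the probe, and a constructed sample response for offline parsing; the player's address is whatever you pass to player_answers_mdns().

```python
import socket
import struct
MDNS_PORT, PTR = 5353, 12
SERVICES_QUERY = "_services._dns-sd._udp.local"   # DNS-SD service enumeration name (RFC 6763)
_encode_name = lambda name: b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))  # labels, no final zero

def build_mdns_query(name: str, txid: int = 0) -> bytes:
    """Standard PTR query (QCLASS IN), the kind of unicast probe the Nessus check sends."""
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + _encode_name(name) + b"\x00" + struct.pack("!HH", PTR, 1)

def _read_name(data: bytes, off: int) -> tuple:
    """Decode a DNS name at off, following RFC 1035 compression pointers; returns (name, next_off)."""
    labels, end = [], None
    while data[off] != 0:
        if data[off] & 0xC0 == 0xC0:              # pointer: the name ends after these two bytes
            end = off + 2 if end is None else end
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(data[off + 1:off + 1 + data[off]].decode("ascii", "replace"))
            off += 1 + data[off]
    return ".".join(labels), off + 1 if end is None else end

def parse_mdns_answers(data: bytes) -> list:
    """Return (owner, rtype, rdata) for every resource record in an mDNS response."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off, records = 12, []
    for _ in range(qd):                           # skip any echoed questions
        off = _read_name(data, off)[1] + 4
    for _ in range(an + ns + ar):
        owner, off = _read_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = _read_name(data, off)[0] if rtype == PTR else data[off:off + rdlen].hex()
        off += rdlen
        records.append((owner, rtype, rdata))
    return records

def player_answers_mdns(host: str, timeout: float = 2.0) -> list:
    """Unicast the query to the player's UDP 5353; [] means it stayed silent, the state wanted after the fix."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_mdns_query(SERVICES_QUERY), (host, MDNS_PORT))
        try:
            return parse_mdns_answers(sock.recvfrom(4096)[0])
        except socket.timeout:
            return []

# Constructed sample, not a real capture: one PTR answer whose rdata ends in pointer 0xC023 -> "local" at offset 35.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0) + _encode_name(SERVICES_QUERY) + b"\x00"
                   + struct.pack("!HHIH", PTR, 1, 4500, 13) + b"\x05_http\x04_tcp\xc0\x23")
```

A non-empty list from player_answers_mdns() means the player still advertises services and the scan finding will recur; an empty list after the change is what the networking group's scanner should now see.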
