Music daemon musicd Multiple Command Arbitrary File Access
Remote / Network Access
Loss of Confidentiality
Music daemon (musicd) contains a flaw that may allow a malicious user to view arbitrary files. The issue is triggered when a remote attacker sends a LOAD request followed by the SHOWLIST command. The flaw may allow the user to view system files, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): do not allow musicd to run as root and disallow remote access to the service.
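The two workaround conditions can be audited on a Linux host. The following is an added example, not part of the original advisory: it parses the output of `ps -eo pid=,euid=,comm=` and `ss -H -ltnp` and reports musicd processes running as root and musicd listeners bound to non-loopback addresses. The process name `musicd` as shown by `ps`/`ss`, the port numbers and the sample lines are constructed assumptions.

```python
import ipaddress

# Constructed sample output (not from a real host); ports are placeholders.
SAMPLE_PS = """\
  701     0 sshd
  812     0 musicd
  990  1001 musicd
"""
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:7777 0.0.0.0:* users:(("musicd",pid=812,fd=4))
LISTEN 0 128 127.0.0.1:7777 0.0.0.0:* users:(("musicd",pid=990,fd=4))
LISTEN 0 128 [::1]:7778 [::]:* users:(("musicd",pid=990,fd=5))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=701,fd=3))
"""

def root_musicd_pids(ps_output):
    """PIDs of musicd processes whose effective UID is 0."""
    pids = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)  # comm may contain spaces
        if len(parts) == 3 and parts[1] == "0" and parts[2].strip() == "musicd":
            pids.append(int(parts[0]))
    return pids

def is_loopback(host):
    """True only for a literal loopback address; wildcards count as exposed."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*", empty or unparsable
        return False

def exposed_musicd_listeners(ss_output):
    """Local addr:port pairs where musicd listens on a non-loopback address."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or '"musicd"' not in fields[-1]:
            continue
        host = fields[3].rpartition(":")[0]
        if not is_loopback(host):
            exposed.append(fields[3])
    return exposed

if __name__ == "__main__":
    print("musicd running as root, PIDs:", root_musicd_pids(SAMPLE_PS))
    print("musicd reachable remotely on:", exposed_musicd_listeners(SAMPLE_SS))
```

A listener flagged here may still be blocked by a host or network firewall, so treat the result as a prompt to check the bind address and filtering rules together.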