Summary: | <net-libs/libupnp-1.6.18: various buffer overflows (CVE-2012-{5958,5959,5960}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | gurligebis, maq, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.kb.cert.org/vuls/id/922681 | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2013-01-29 19:02:34 UTC
I have bumped libupnp to 1.6.18 - it just needs stabilization. Thanks, Hanno and Bjarke. Arches, please test and mark stable: =net-libs/libupnp-1.6.18 Target KEYWORDS: "alpha amd64 arm hppa ppc ppc64 sparc x86" CVE-2012-5960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5960): Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet. CVE-2012-5959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5959): Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet. CVE-2012-5958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5958): Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction. Stable for HPPA. 455784 is not anymore a blocker amd64 stable x86 stable sparc stable ppc stable arm stable alpha stable ppc64 stable New GLSA request filed. This issue was resolved and addressed in GLSA 201403-06 at http://security.gentoo.org/glsa/glsa-201403-06.xml by GLSA coordinator Mikle Kolyada (Zlogene). |