| Summary: | net-misc/minissdpd: improper validation of array index weakness | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | trivial | CC: | blueness |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2016/03/07/9 | ||
| Whiteboard: | ~3 [upstream] | ||
| Package list: | Runtime testing required: | --- | |
The effected versions have long been off the tree. Currently we only have 1.5.20160119 and 1.5.20160301 on the tree. (In reply to Anthony Basile from comment #1) > The effected versions have long been off the tree. Currently we only have > 1.5.20160119 and 1.5.20160301 on the tree. Is not clear to me if who made the advisory tested only on debian-ubuntu and/or he believes that only 1.2 version is affected. The patch has the following date: Date: Fri, 4 Mar 2016 12:38:18 +0100 Subject: [PATCH] Fix minissdpd.c handling of request with negative length Since the patch is recent, I really don't guess that we have a version that includes such patch. Maybe 1.5 is just not-affected. Patch exists upstream, but cannot be validated against the current sources. None of the effected code is found in the current upstream github or available Portage versions. Testing of the vulnerability was only confirmed on version 1.2.20130907-3, which has long been gone from the tree. Additionally, the package has never been marked stable. |
From ${URL} : A vulnerability in the minissdpd daemon has been found that affects minissdpd version 1.2.20130907-3 available in Debian and Ubuntu. The vulnerability can be exploited by a local unprivileged user with write access to /var/run/minissdpd.sock to crash the minissdpd daemon that runs with superuser privileges. More details at: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=minissdpd;dist=unstable. @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.