Bug 454570 - <net-libs/libupnp-1.6.18: various buffer overflows (CVE-2012-{5958,5959,5960})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://www.kb.cert.org/vuls/id/922681
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-29 19:02 UTC by Hanno Böck
Modified: 2014-03-26 10:46 UTC
Description Hanno Böck gentoo-dev 2013-01-29 19:02:34 UTC
Three buffer overflows have been fixed with the release of libupnp 1.6.18:
http://pupnp.sourceforge.net/ChangeLog

This fix is a reaction to research by the security company Rapid7 on vulnerable UPnP devices. Further info: http://www.kb.cert.org/vuls/id/922681
Comment 1 Bjarke Istrup Pedersen (RETIRED) gentoo-dev 2013-01-30 09:58:56 UTC
I have bumped libupnp to 1.6.18 - it just needs stabilization.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2013-02-05 13:52:26 UTC
Thanks, Hanno and Bjarke. 

Arches, please test and mark stable:
=net-libs/libupnp-1.6.18
Target KEYWORDS: "alpha amd64 arm hppa ppc ppc64 sparc x86"
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-02-05 13:53:28 UTC
CVE-2012-5960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5960):
  Stack-based buffer overflow in the unique_service_name function in
  ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices
  (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows
  remote attackers to execute arbitrary code via a long UDN (aka
  upnp:rootdevice) field in a UDP packet.

CVE-2012-5959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5959):
  Stack-based buffer overflow in the unique_service_name function in
  ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices
  (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows
  remote attackers to execute arbitrary code via a long UDN (aka uuid) field
  within a string that contains a :: (colon colon) in a UDP packet.

CVE-2012-5958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5958):
  Stack-based buffer overflow in the unique_service_name function in
  ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices
  (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows
  remote attackers to execute arbitrary code via a UDP packet with a crafted
  string that is not properly handled after a certain pointer subtraction.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2013-02-09 15:23:08 UTC
Stable for HPPA.
Comment 5 Agostino Sarubbo gentoo-dev 2013-02-20 14:23:20 UTC
455784 is no longer a blocker
Comment 6 Agostino Sarubbo gentoo-dev 2013-02-20 15:55:10 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-02-20 15:56:58 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-02-21 16:10:49 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-02-22 17:28:30 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-02-22 18:07:00 UTC
arm stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-02-23 15:03:00 UTC
alpha stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-02-23 21:59:44 UTC
ppc64 stable
Comment 13 Sean Amoss (RETIRED) gentoo-dev Security 2013-03-17 15:44:34 UTC
New GLSA request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-03-26 10:46:59 UTC
This issue was resolved and addressed in
 GLSA 201403-06 at http://security.gentoo.org/glsa/glsa-201403-06.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
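
The CVE entries in comment 3 describe a UDN field from a UDP packet overflowing a stack buffer, in one case after a pointer subtraction. The following is an added example of a bounds-checked extraction of that field; it is not libupnp code and not part of this bug report, and `extract_udn`, `UDN_MAX` and the sample strings are hypothetical names and values constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define UDN_MAX 64 /* assumed buffer size for this example, not libupnp's */

/* Hypothetical helper: copy the UDN part of a USN value
 * ("uuid:<id>::<type>" or a bare "uuid:<id>") into out.
 * Returns 0 on success, -1 if the value is malformed or too long. */
int extract_udn(const char *usn, char *out, size_t outsz)
{
    const char *sep;
    size_t len;

    if (usn == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';

    if (strncmp(usn, "uuid:", 5) != 0)
        return -1;

    /* The length is a pointer subtraction over sender-controlled data.
     * strstr() searched from usn, so sep >= usn and it cannot go negative. */
    sep = strstr(usn, "::");
    len = sep ? (size_t)(sep - usn) : strlen(usn);

    /* Check against the destination size before copying; reject oversize
     * input instead of truncating it. */
    if (len >= outsz)
        return -1;

    memcpy(out, usn, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    const char *samples[] = { "uuid:device-1234::upnp:rootdevice",
                              "uuid:device-1234", "upnp:rootdevice" };
    char udn[UDN_MAX];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = extract_udn(samples[i], udn, sizeof udn);
        printf("%-36s -> rc=%d udn=\"%s\"\n", samples[i], rc, udn);
    }
    return 0;
}
```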