Bug 562684 (CVE-2015-6031) - <net-libs/miniupnpc-2.0.20170509: buffer overflow (TALOS-2015-0035)
Summary: <net-libs/miniupnpc-2.0.20170509: buffer overflow (TALOS-2015-0035)
Status: RESOLVED FIXED
Alias: CVE-2015-6031
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://talosintel.com/reports/TALOS-2...
Whiteboard: B2 [glsa cve]
Reported: 2015-10-09 20:44 UTC by Luke-Jr
Modified: 2018-01-07 23:51 UTC

Package list:
net-libs/miniupnpc-2.0.20170509
Runtime testing required: ---
stable-bot: sanity-check+


Description Luke-Jr 2015-10-09 20:44:46 UTC
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability.
Comment 1 Julian Ospald 2015-10-23 14:00:45 UTC
afais this is fixed since net-libs/miniupnpc-1.9.20150917-r1 so we need to stabilize this or backport it to 1.8

see https://github.com/miniupnp/miniupnp/commit/2f5cc790339cf69871162dcf535c1c5f08b836be

Can we get a statement from the maintainer?
Comment 2 Thomas Deutschmann gentoo-dev Security 2016-12-05 20:23:26 UTC
$ git tag --contains 2f5cc790339cf69871162dcf535c1c5f08b836be | sort
minissdpd_1_5
miniupnpc_2_0
miniupnpd_2_0


@ Maintainer(s): Please bump to >=net-libs/miniupnpc-2.0 (https://github.com/miniupnp/miniupnp/releases/tag/miniupnpc_2_0).
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-20 16:23:16 UTC
current status in tree:

Keywords for net-libs/miniupnpc:
             |                                 |   u      |  
             | a a         p   a     n r     s |   n      |  
             | l m   h i   p   r m m i i s   p | e u s    | r
             | p d a p a p c x m i 6 o s 3   a | a s l    | e
             | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o    | p
             | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t    | o
-------------+---------------------------------+----------+-------
         1.8 | o + + + o + + + o ~ o o o o o + | 5 o 0    | gentoo
-------------+---------------------------------+----------+-------
1.9.20151008 | o + + + o + + + o ~ o o o o o + | 5 o 0/14 | gentoo
-------------+---------------------------------+----------+-------
2.0.20161216 | o ~ ~ ~ o ~ ~ ~ o ~ o o o o o ~ | 6 # 0/16 | gentoo
2.0.20170509 | o + + ~ o + + + ~ ~ o o o o o + | 6 o      | gentoo


Gentoo Security Padawan
ChrisADR
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2017-09-24 23:33:03 UTC
hppa arch please stabilize.
Comment 5 Sergei Trofimovich gentoo-dev 2017-12-09 20:13:29 UTC
hppa stable
Comment 6 D'juan McDonald (domhnall) 2018-01-05 03:37:45 UTC
All arches stabilized, maintainer(s), please clean up, thank you!



Gentoo Security Padawan
(Jmbailey/mbailey_j)
Comment 7 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-01-05 09:03:55 UTC
It was cleaned Jan 2 already:

Keywords for net-libs/miniupnpc:
                |                                 |   u      |  
                | a a         p   a     n r     s |   n      |  
                | l m   h i   p   r m m i i s   p | e u s    | r
                | p d a p a p c x m i 6 o s 3   a | a s l    | e
                | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o    | p
                | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t    | o
----------------+---------------------------------+----------+-------
   2.0.20170509 | o + + + o + + + ~ ~ o o o o o + | 6 o 0/16 | gentoo
[I]2.0.20171212 | o ~ ~ ~ o ~ ~ ~ ~ ~ o o o o o ~ | 6 o      | gentoo
Comment 8 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-01-05 13:59:56 UTC
glsa request has already been filed
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2018-01-07 23:51:45 UTC
This issue was resolved and addressed in
 GLSA 201801-08 at https://security.gentoo.org/glsa/201801-08
by GLSA coordinator Aaron Bauman (b-man).
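
Added example (not part of the bug report, and not Portage's own code): a Python check of a miniupnpc version string against the affected atom from the bug summary, <net-libs/miniupnpc-2.0.20170509. It assumes a reduced Gentoo version syntax (dotted numeric components plus an optional -rN revision); the function names are hypothetical.

```python
import re

# Fixed version taken from the atom in the bug summary:
#   <net-libs/miniupnpc-2.0.20170509
FIXED = "2.0.20170509"

# Assumption: reduced Gentoo version syntax, "N(.N)*" plus optional "-rN".
# Letter suffixes and _alpha/_beta/_pre/_rc/_p are rejected, not guessed at.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")

def parse(version):
    """Return (list of numeric component strings, integer revision)."""
    m = _VERSION.match(version)
    if m is None:
        raise ValueError(f"unsupported version syntax: {version!r}")
    return m.group(1).split("."), int(m.group(2) or 0)

def _sign(a, b):
    return (a > b) - (a < b)

def _cmp_component(a, b, first):
    # The first component always compares as an integer. Later components
    # compare as integers unless either starts with "0"; then trailing zeros
    # are stripped and the strings are compared (so 1.01 < 1.1).
    if first or not (a.startswith("0") or b.startswith("0")):
        return _sign(int(a), int(b))
    return _sign(a.rstrip("0"), b.rstrip("0"))

def vercmp(x, y):
    """Return -1, 0 or 1 as x is older than, equal to or newer than y."""
    (xc, xr), (yc, yr) = parse(x), parse(y)
    for i, (a, b) in enumerate(zip(xc, yc)):
        c = _cmp_component(a, b, i == 0)
        if c:
            return c
    # Equal common prefix: more components wins, then the -rN revision.
    return _sign(len(xc), len(yc)) or _sign(xr, yr)

def is_affected(installed, fixed=FIXED):
    """True when `installed` is older than `fixed`, i.e. matches the '<' atom."""
    return vercmp(installed, fixed) < 0

if __name__ == "__main__":
    # Versions that appear in the keyword tables in the comments above.
    for v in ("1.8", "1.9.20151008", "2.0.20161216", "2.0.20170509", "2.0.20171212"):
        print(f"{v:>14}  {'affected' if is_affected(v) else 'not affected'}")
```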