Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 647890 (CVE-2017-1000494) - <net-libs/miniupnpc-2.0.20171212: buffer overflow
Summary: <net-libs/miniupnpc-2.0.20171212: buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2017-1000494
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/miniupnp/miniupnp/...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-16 17:31 UTC by Luke-Jr
Modified: 2018-11-23 23:32 UTC (History)
2 users (show)

See Also:
Package list:
=net-libs/miniupnpc-2.0.20171212
Runtime testing required: No
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Luke-Jr 2018-02-16 17:31:26 UTC 
It's not clear to me the extent of the risk for this one, but it seems like there's a possibility it can be used for remote code execution.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-14 22:37:08 UTC 
@Maintainers could you confirm if we are affected? Maybe 2.0.20171212 is affected, could you clean it if that's the case?

Thank you.
Comment 2 Patrick McLean gentoo-dev 2018-03-15 18:22:28 UTC 
Both miniupnpd and miniupnpc versions 2.0.20171212 contain the patch from the GitHub issue.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-15 18:38:03 UTC 
(In reply to Patrick McLean from comment #2)
> Both miniupnpd and miniupnpc versions 2.0.20171212 contain the patch from
> the GitHub issue.

Thanks, resolving as INVALID then.
Comment 4 Luke-Jr 2018-03-15 18:39:05 UTC 
What about 2.0.20170509?
Comment 5 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-15 18:51:56 UTC 
(In reply to Luke-Jr from comment #4)
> What about 2.0.20170509?

Oh, sorry, totally missed that one, I tracked miniupnpd instead of miniupnpc... you are right, @maintainers please call for stabilization when ready.

Thank you again Luke,
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2018-03-25 19:47:20 UTC 
=net-libs/miniupnpc-2.0.20171212 still needs to be stabilized and then cleaned.

net-misc/miniupnpd was never stable and is cleaned already.

@arches, please stabilize.
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-29 21:11:44 UTC 
commit e468d3a806be2cc0338e68c3b1a05a72d06501d8
Author: Markus Meier <maekke@gentoo.org>
Date:   Wed Mar 28 07:03:44 2018 +0200

    net-libs/miniupnpc: arm stable, bug #646550
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2018-04-01 14:19:25 UTC 
ppc64 stable
Comment 9 Larry the Git Cow gentoo-dev 2018-04-20 06:57:36 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10492091c3daa3562289d0c994988fead61d459e

commit 10492091c3daa3562289d0c994988fead61d459e
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-20 06:57:01 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-20 06:57:01 +0000

    net-libs/miniupnpc: stable 2.0.20171212 for ppc, bug #647890
    
    Bug: https://bugs.gentoo.org/647890
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 net-libs/miniupnpc/miniupnpc-2.0.20171212.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 10 Matt Turner gentoo-dev 2018-04-22 19:18:00 UTC 
hppa stable
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2018-04-22 21:02:24 UTC 
GLSA Vote: No

@maintainer(s), please clean the vulnerable.
Comment 12 Michael Boyle 2018-07-24 02:30:59 UTC 
Ping Maintainer(s), Please clean vulnerable.

Michael Boyle
Gentoo Security Padawan
Comment 13 Andreas Sturmlechner gentoo-dev 2018-09-16 14:49:22 UTC 
7480bca9a03d61e1eeef3e7a11cbfedf02921710 cleaned up vulnerable.
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2018-11-23 23:32:28 UTC 
(In reply to Andreas Sturmlechner from comment #13)
> 7480bca9a03d61e1eeef3e7a11cbfedf02921710 cleaned up vulnerable.

Thanks, Andreas!