funsec mailing list archives

Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 29 Jan 2013 10:19:27 -0500

It's too bad many folks are too l33t to use things like FORTIFY_SOURCE
or safer string/memory functions.

There's a reason companies like Microsoft and Apple maintain banned
function lists (http://msdn.microsoft.com/en-us/library/bb288454.aspx
and 
https://developer.apple.com/library/mac/#documentation/security/conceptual/SecureCodingGuide/Articles/BufferOverflows.html).

How many home routers are vulnerable?

http://www.kb.cert.org/vuls/id/922681

Overview
The Portable SDK for UPnP Devices libupnp library contains multiple
buffer overflow vulnerabilities. Devices that use libupnp may also
accept UPnP queries over the WAN interface, therefore exposing the
vulnerabilities to the internet.

Description
Universal Plug and Play (UPnP) is a set of network protocols designed
to support automatic discovery and service configuration. The Portable
SDK for UPnP Devices (libupnp) has its roots in the Linux SDK for UPnP
Devices and software from Intel (Intel Tools for UPnP Technologies and
later Developer Tools for UPnP Technologies). Many different vendors
produce UPnP-enabled devices that use libupnp.
...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
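
An added example, not part of the original post and not libupnp code: one way to apply the "safer string/memory functions" point to SSDP input, copying a header value into a fixed-size buffer only after checking its length. The helper name `ssdp_get_header`, its return codes and the sample datagram are assumptions made for illustration.

```c
/* Added example. Build: cc -O2 -D_FORTIFY_SOURCE=2 ssdp_hdr.c
 * (FORTIFY_SOURCE only takes effect with optimization enabled). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample datagram, not captured traffic. */
static const char SAMPLE[] =
    "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    "MAN: \"ssdp:discover\"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n";

/* Case-insensitive compare of exactly n bytes; never reads beyond n. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: copy the value of header `name` from an untrusted
 * datagram of `len` bytes (not assumed NUL-terminated) into out[outsz].
 * Returns the value length, -1 if absent, -2 if it does not fit. */
int ssdp_get_header(const char *pkt, size_t len, const char *name,
                    char *out, size_t outsz)
{
    size_t nlen = strlen(name), pos = 0;
    if (outsz == 0) return -2;
    out[0] = '\0';
    while (pos < len) {
        const char *line = pkt + pos;               /* bounded line scan */
        const char *nl = memchr(line, '\n', len - pos);
        size_t llen = nl ? (size_t)(nl - line) : len - pos;
        pos += llen + 1;
        if (llen > 0 && line[llen - 1] == '\r') llen--;
        if (llen <= nlen || line[nlen] != ':' || !ieq(line, name, nlen))
            continue;
        const char *val = line + nlen + 1;
        size_t vlen = llen - nlen - 1;
        while (vlen > 0 && (*val == ' ' || *val == '\t')) { val++; vlen--; }
        if (vlen >= outsz) return -2;   /* too long: reject, do not copy */
        memcpy(out, val, vlen);
        out[vlen] = '\0';
        return (int)vlen;
    }
    return -1;
}

int main(void)
{
    char st[32];
    int n = ssdp_get_header(SAMPLE, sizeof SAMPLE - 1, "ST", st, sizeof st);
    printf("ST length %d: %s\n", n, st);
    return 0;
}
```

An oversized value is rejected outright rather than truncated, so a caller cannot mistake a clipped field for a valid one.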