Debian Security Advisory 2614-1

Debian Security Advisory 2614-1: Posted Feb 4, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2614-1 - Multiple stack-based buffer overflows were discovered in libupnp, a library used for handling the Universal Plug and Play protocol. HD Moore from Rapid7 discovered that SSDP queries where not correctly handled by the unique_service_name() function.; tags | advisory, overflow, protocol; systems | linux, debian; advisories | CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965; SHA-256 | 8b4ec6bd7b11036ad78a8dda85124db58bbe331d1cd2fee2af1493bd0aefc13d; Download | Favorite | View

Debian Security Advisory 2614-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2614-1                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
February 01, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libupnp
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961 
                 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965
Debian Bug     : 699316

Multiple stack-based buffer overflows were discovered in libupnp, a library
used for handling the Universal Plug and Play protocol. HD Moore from Rapid7
discovered that SSDP queries where not correctly handled by the
unique_service_name() function.

An attacker sending carefully crafted SSDP queries to a daemon built on libupnp
could generate a buffer overflow, overwriting the stack, leading to the daemon
crash and possible remote code execution.

For the stable distribution (squeeze), these problems have been fixed in
version 1:1.6.6-5+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 1:1.6.17-1.2.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.6.17-1.2.

We recommend that you upgrade your libupnp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBCgAGBQJRDOe7AAoJEG3bU/KmdcClR6sH/1tMFZTfqjzSEvU81ck6m7Fs
QD5r45u6YpCfjioo9K6RvRdQ1JqU/8R4sSnrJPVJdf7xiEtxEZJ8DG+A7nt60Dmp
iBG8RJYU0lc2KeADEiejZy02V/wGRPi+fe931X6Vpqaho6BUWEyXb0xm6qY2MV8n
FrJh8aKYjmOjH2WCGSLitsfC0BNpjc++MP9KFQPMLK6lXq68dz/rDnClWinFeEr0
fehtWrdM17az6fLUihwo9TXByH9gZmdFj/F0vlARBzkv29jUlAtu55hS3nbCJUCB
1rH0HifatkkZ2h4guMDC6SmFFHGxI+9JSz9TrfdkUtb6fwPNB4hGP8TT0GAMhag=
=MYvI
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 2614-1

Debian Security Advisory 2614-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2614-1

Share This

Debian Security Advisory 2614-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems