funsec mailing list archives
Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 29 Jan 2013 10:19:27 -0500
It's too bad many folks are too l33t to use things like FORTIFY_SOURCE or safer string/memory functions. There's a reason companies like Microsoft and Apple maintain banned function lists (http://msdn.microsoft.com/en-us/library/bb288454.aspx and https://developer.apple.com/library/mac/#documentation/security/conceptual/SecureCodingGuide/Articles/BufferOverflows.html).

How many home routers are vulnerable?

http://www.kb.cert.org/vuls/id/922681

Overview

The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet.

Description

Universal Plug and Play (UPnP) is a set of network protocols designed to support automatic discovery and service configuration. The Portable SDK for UPnP Devices (libupnp) has its roots in the Linux SDK for UPnP Devices and software from Intel (Intel Tools for UPnP Technologies and later Developer Tools for UPnP Technologies). Many different vendors produce UPnP-enabled devices that use libupnp.

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
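As an added illustration of the "safer string/memory functions" point in the message above (not code from the post, the CERT note, or libupnp): a bounded copy of one header value from an SSDP-style message into a fixed buffer that rejects oversized input instead of overflowing or silently truncating. The function names, buffer sizes and sample message are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: an SSDP-style search request, not captured traffic. */
static const char SAMPLE[] =
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    "MAN: \"ssdp:discover\"\r\n"
    "ST: upnp:rootdevice\r\n\r\n";

/* Header names are compared case-insensitively, as in HTTP. */
static int name_matches(const char *p, const char *name, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)p[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: copy the value of header `name` into out[outsz].
 * Returns the value length, -1 if the header is absent, or -2 if the
 * value does not fit; in that case out holds an empty string. */
int ssdp_get_header(const char *msg, size_t msglen, const char *name,
                    char *out, size_t outsz) {
    size_t namelen = strlen(name);
    const char *p = msg, *end = msg + msglen;
    if (outsz == 0) return -2;
    out[0] = '\0';
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        const char *le = eol ? eol : end;          /* end of this line */
        if ((size_t)(le - p) > namelen && p[namelen] == ':' &&
            name_matches(p, name, namelen)) {
            const char *v = p + namelen + 1;
            while (v < le && (*v == ' ' || *v == '\t')) v++;
            while (le > v && (le[-1] == '\r' || le[-1] == ' ')) le--;
            size_t vlen = (size_t)(le - v);
            if (vlen >= outsz) return -2;          /* reject, never truncate */
            memcpy(out, v, vlen);                  /* length already checked */
            out[vlen] = '\0';
            return (int)vlen;
        }
        if (!eol) break;
        p = eol + 1;
    }
    return -1;
}

int main(void) {
    char st[32];
    int n = ssdp_get_header(SAMPLE, sizeof SAMPLE - 1, "ST", st, sizeof st);
    printf("ST length %d, value \"%s\"\n", n, st);
    return 0;
}
```

The length check happens before any byte is written, so the copy is safe whatever the sender puts in the header; building with `-D_FORTIFY_SOURCE=2 -O2` adds a compiler-inserted check on top of it.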