CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Current Activity - CERT Releases UPnP Security Advisory

From: Current Activity <us-cert () us-cert gov>
Date: Tue, 29 Jan 2013 09:52:51 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

US-CERT Current Activity
CERT Releases UPnP Security Advisory

Original release date: January 29, 2013
Last revised: --

Multiple vulnerabilities have been announced in libupnp, the open source
portable SDK for UPnP devices. Libupnp is employed by hundreds of
vendors for UPnP-enabled devices. Information is also available in CERT
Vulnerability Note VU#922681.

US-CERT recommends that affected UPnP device vendors and developers
obtain and employ libupnp version 1.6.18, which addresses these
vulnerabilities.

US-CERT recommends that users and administrators review CERT
Vulnerability Note VU#922681, disable UPnP (if possible), and restrict
access to SSDP (1900/upd) and Simple Object Access Protocol (SOAP)
services from untrusted networks such as the Internet.

Relevant URL(s):
<http://www.kb.cert.org/vuls/id/922681>


____________________________________________________________________

   Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy:
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/current/#cert_releases_upnp_security_advisory

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUQfiOXdnhE8Qi3ZhAQJWtwf+KgLZ5QO3rWknuXPVHxtMebjLCE/rVvDR
jcLGK/J98e2fAvgQLhw0eDLdG29Oq2lwIV+riHMxRbUznp0615zd6BhZRSEZwsLg
1JPpqGz8P7UTqtl0KUoaY7dotogey0C5v8AaXw6IuImOEVcF/rrQbRYAWjOPLJI0
+4IzA5LyfIHR9/qiyyoJdC6JOlBRfPexphTZzzz+eTDA91Nilc3+dZC6Qw1o77MG
L4IOpRc9J/VsT4TQbN4lMQmnMcNQveKEyAH8Zt5h4Kvs2zyBbOpxCkUoJHkvU10l
5jXABFPVUYuaN6+WMa17mH7k8tnkv1lY4rN05slxhAmG2tAKRfiY+Q==
=K0lM
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: