CERT mailing list archives
Current Activity - CERT Releases UPnP Security Advisory
From: Current Activity <us-cert () us-cert gov>
Date: Tue, 29 Jan 2013 09:52:51 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Current Activity CERT Releases UPnP Security Advisory Original release date: January 29, 2013 Last revised: -- Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU#922681. US-CERT recommends that affected UPnP device vendors and developers obtain and employ libupnp version 1.6.18, which addresses these vulnerabilities. US-CERT recommends that users and administrators review CERT Vulnerability Note VU#922681, disable UPnP (if possible), and restrict access to SSDP (1900/upd) and Simple Object Access Protocol (SOAP) services from untrusted networks such as the Internet. Relevant URL(s): <http://www.kb.cert.org/vuls/id/922681> ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/current/#cert_releases_upnp_security_advisory For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUQfiOXdnhE8Qi3ZhAQJWtwf+KgLZ5QO3rWknuXPVHxtMebjLCE/rVvDR jcLGK/J98e2fAvgQLhw0eDLdG29Oq2lwIV+riHMxRbUznp0615zd6BhZRSEZwsLg 1JPpqGz8P7UTqtl0KUoaY7dotogey0C5v8AaXw6IuImOEVcF/rrQbRYAWjOPLJI0 +4IzA5LyfIHR9/qiyyoJdC6JOlBRfPexphTZzzz+eTDA91Nilc3+dZC6Qw1o77MG L4IOpRc9J/VsT4TQbN4lMQmnMcNQveKEyAH8Zt5h4Kvs2zyBbOpxCkUoJHkvU10l 5jXABFPVUYuaN6+WMa17mH7k8tnkv1lY4rN05slxhAmG2tAKRfiY+Q== =K0lM -----END PGP SIGNATURE-----
Current thread:
- Current Activity - CERT Releases UPnP Security Advisory Current Activity (Jan 29)