Re: Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP

[Paul Ferguson <fergdawgster () gmail com>]

UPnP is a security nightmare. Period.

- ferg


On Tue, Jan 29, 2013 at 7:19 AM, Jeffrey Walton <noloader () gmail com> wrote:

> Its too bad many folks are too l33t to use things like FORTIFY_SOURCE
> or safer string/memory functions.
>
> There's a reason companies like Microsoft and Apple maintain banned
> function lists (http://msdn.microsoft.com/en-us/library/bb288454.aspx
> and 
> https://developer.apple.com/library/mac/#documentation/security/conceptual/SecureCodingGuide/Articles/BufferOverflows.html).
>
> How many home routers are vulnerable?
>
> http://www.kb.cert.org/vuls/id/922681
>
> Overview
> The Portable SDK for UPnP Devices libupnp library contains multiple
> buffer overflow vulnerabilities. Devices that use libupnp may also
> accept UPnP queries over the WAN interface, therefore exposing the
> vulnerabilitites to the internet.
>
> Description
> Universal Plug and Play (UPnP) is a set of network protocols designed
> to support automatic discovery and service configuration. The Portable
> SDK for UPnP Devices (libupnp) has its roots in the Linux SDK for UPnP
> Devices and software from Intel (Intel Tools for UPnP Technologies and
> later Developer Tools for UPnP Technologies). Many different vendors
> produce UPnP-enabled devices that use libupnp.
> ...
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.



-- 
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.