Joined: 12 May 2004
|Posted: Mon Jan 08, 2018 6:26 am Post subject: [ GLSA 201801-08 ] MiniUPnPc
|Gentoo Linux Security Advisory
Title: MiniUPnPc: Arbitrary code execution (GLSA 201801-08)
A vulnerability in MiniUPnPc might allow remote attackers to
execute arbitrary code.
The client library, enabling applications to access the services
provided by an UPnP “Internet Gateway Device” present on the network.
Vulnerable: < 2.0.20170509
Unaffected: >= 2.0.20170509
Architectures: All supported architectures
An exploitable buffer overflow vulnerability exists in the XML parser
functionality of the MiniUPnP library.
A remote attacker, by enticing a user to connect to a malicious server,
could cause the execution of arbitrary code with the privileges of the
user running a MiniUPnPc linked application.
There is no known workaround at this time.
All MiniUPnPc users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/miniupnpc-2.0.20170509"
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 1 time in total