GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Jan 08, 2018 6:26 am Post subject: [ GLSA 201801-08 ] MiniUPnPc
Gentoo Linux Security Advisory
Title: MiniUPnPc: Arbitrary code execution (GLSA 201801-08)
Severity: normal
Exploitable: remote
Date: 2018-01-07
Bug(s): #562684
ID: 201801-08
Synopsis
A vulnerability in MiniUPnPc might allow remote attackers to
execute arbitrary code.
Background
MiniUPnPc is the client library that enables applications to access the
services provided by a UPnP “Internet Gateway Device” present on the network.
Affected Packages
Package: net-libs/miniupnpc
Vulnerable: < 2.0.20170509
Unaffected: >= 2.0.20170509
Architectures: All supported architectures
Description
An exploitable buffer overflow vulnerability exists in the XML parser
functionality of the MiniUPnP library.
Impact
A remote attacker, by enticing a user to connect to a malicious server,
could cause the execution of arbitrary code with the privileges of the
user running a MiniUPnPc linked application.
Workaround
There is no known workaround at this time.
Resolution
All MiniUPnPc users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/miniupnpc-2.0.20170509"
References
CVE-2015-6031
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 1 time in total
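A check for the version range listed under Affected Packages, as an added example that is not part of the advisory or of Gentoo's tooling. It assumes Portage's installed-package database at /var/db/pkg and versions made of dotted numbers with an optional -rN revision; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): classify net-libs/miniupnpc versions
# against the GLSA 201801-08 threshold.
FIXED=2.0.20170509   # first unaffected version, from "Affected Packages"

# glsa_status VERSION -> prints vulnerable | unaffected | unknown
# Assumption: versions are dotted numbers with an optional Gentoo -rN revision;
# anything else (_rc, _p, letters) is reported as unknown instead of guessed.
glsa_status() {
    a=${1%-r[0-9]*}
    b=$FIXED
    case $a in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # A missing component counts as 0, so 2.0 compares equal to 2.0.0.
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo vulnerable; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo unaffected; return; fi
    done
    echo unaffected   # equal to the fixed version
}

# installed_versions [VDB_ROOT] -> one version per line, read from the
# directory names in Portage's installed-package database.
installed_versions() {
    for d in "${1:-/var/db/pkg}"/net-libs/miniupnpc-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/}
        echo "${v#miniupnpc-}"
    done
}

# audit [VDB_ROOT] -> prints "<version> <status>" per installed copy and
# returns 1 if any copy is vulnerable or could not be classified.
audit() {
    rc=0
    for v in $(installed_versions "$1"); do
        s=$(glsa_status "$v")
        echo "$v $s"
        [ "$s" = unaffected ] || rc=1
    done
    return $rc
}

audit "$@" || echo "miniupnpc needs attention: see GLSA 201801-08" >&2
```

A version reported as unknown is treated as needing review, so an unparsed suffix never passes as unaffected.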