Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2012-5959
Last Modified 01 Sep 2015 01:02:28
Published 31 Jan 2013 04:55:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5959

Summary

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.

Vulnerable Systems

Application

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.0

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.1

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.2

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.3

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.4

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.5

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.6

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.4.7

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.0

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.1

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.10

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.11

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.12

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.13

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.14

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.15

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.16

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.17

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.2

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.3

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.4

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.5

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.6

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.7

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.8

  • Portable Sdk For Upnp Project Portable Sdk For Upnp 1.6.9


References

CERT-VN - VU#922681

MISC - https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

MISC - https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

CISCO - 20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities

CONFIRM - http://pupnp.sourceforge.net/ChangeLog

DEBIAN - DSA-2615

DEBIAN - DSA-2614

SUSE - openSUSE-SU-2013:0255

CONFIRM - http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf

CONFIRM - http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf

CONFIRM - http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf

CONFIRM - http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037

MANDRIVA - MDVSA-2013:098

MISC - https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

BID - 57602


Last Updated: 27 May 2016 11:01:46