Buffer overflow : libupnp Multiple Buffer Overflow Vulnerabilities (TCP)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105882

Categoría: Buffer overflow

Título: libupnp Multiple Buffer Overflow Vulnerabilities (TCP)

Resumen: Updates are available. Please see the references for more information.;; This VT has been deprecated and merged into the VT 'libupnp Multiple Buffer Overflow Vulnerabilities'; (OID: 1.3.6.1.4.1.25623.1.0.103658.

Descripción: Summary:
Updates are available. Please see the references for more information.

This VT has been deprecated and merged into the VT 'libupnp Multiple Buffer Overflow Vulnerabilities'
(OID: 1.3.6.1.4.1.25623.1.0.103658.

Vulnerability Impact:
An attacker can exploit these issues to execute arbitrary code in the
context of the device that uses the affected library. Failed exploit
attempts will likely crash the application.

Affected Software/OS:
libupnp versions prior to 1.6.18 are affected.

Solution:
libupnp is prone to multiple buffer-overflow vulnerabilities because
it fails to perform adequate boundary checks on user-supplied data.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-5958
BugTraq ID: 57602
http://www.securityfocus.com/bid/57602
CERT/CC vulnerability note: VU#922681
http://www.kb.cert.org/vuls/id/922681
Cisco Security Advisory: 20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
Debian Security Information: DSA-2614 (Google Search)
http://www.debian.org/security/2013/dsa-2614
Debian Security Information: DSA-2615 (Google Search)
http://www.debian.org/security/2013/dsa-2615
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098
http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
https://www.tenable.com/security/research/tra-2017-10
SuSE Security Announcement: openSUSE-SU-2013:0255 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-5959
Common Vulnerability Exposure (CVE) ID: CVE-2012-5960
Common Vulnerability Exposure (CVE) ID: CVE-2012-5961
Common Vulnerability Exposure (CVE) ID: CVE-2012-5962
Common Vulnerability Exposure (CVE) ID: CVE-2012-5963
Common Vulnerability Exposure (CVE) ID: CVE-2012-5964
Common Vulnerability Exposure (CVE) ID: CVE-2012-5965

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105882
Categoría:	Buffer overflow
Título:	libupnp Multiple Buffer Overflow Vulnerabilities (TCP)
Resumen:	Updates are available. Please see the references for more information.;; This VT has been deprecated and merged into the VT 'libupnp Multiple Buffer Overflow Vulnerabilities'; (OID: 1.3.6.1.4.1.25623.1.0.103658.
Descripción:	Summary: Updates are available. Please see the references for more information. This VT has been deprecated and merged into the VT 'libupnp Multiple Buffer Overflow Vulnerabilities' (OID: 1.3.6.1.4.1.25623.1.0.103658. Vulnerability Impact: An attacker can exploit these issues to execute arbitrary code in the context of the device that uses the affected library. Failed exploit attempts will likely crash the application. Affected Software/OS: libupnp versions prior to 1.6.18 are affected. Solution: libupnp is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5958 BugTraq ID: 57602 http://www.securityfocus.com/bid/57602 CERT/CC vulnerability note: VU#922681 http://www.kb.cert.org/vuls/id/922681 Cisco Security Advisory: 20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp Debian Security Information: DSA-2614 (Google Search) http://www.debian.org/security/2013/dsa-2614 Debian Security Information: DSA-2615 (Google Search) http://www.debian.org/security/2013/dsa-2615 http://www.mandriva.com/security/advisories?name=MDVSA-2013:098 http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb https://www.tenable.com/security/research/tra-2017-10 SuSE Security Announcement: openSUSE-SU-2013:0255 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2012-5959 Common Vulnerability Exposure (CVE) ID: CVE-2012-5960 Common Vulnerability Exposure (CVE) ID: CVE-2012-5961 Common Vulnerability Exposure (CVE) ID: CVE-2012-5962 Common Vulnerability Exposure (CVE) ID: CVE-2012-5963 Common Vulnerability Exposure (CVE) ID: CVE-2012-5964 Common Vulnerability Exposure (CVE) ID: CVE-2012-5965
Copyright	Copyright (C) 2013 Greenbone AG