Portable UPnP SDK libupnp `unique_service_name()` Multiple Vulnerabilities

Last Update Date: 1 Feb 2013 | Release Date: 30 Jan 2013

RISK: High Risk

TYPE: Operating Systems - Application Platforms

Multiple vulnerabilities have been identified in libupnp (Portable UPnP SDK). Attackers can exploit them to execute arbitrary code on the device, cause a denial of service, or compromise an application using the library. The vulnerabilities are caused by boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) when handling SSDP requests, and can be exploited to cause stack-based buffer overflows.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Products that use libupnp version 1.6.17 and prior.

    These are categories of affected products:
    1. Network devices such as routers (mainly broadband routers for home)
    2. IP telephone devices
    3. TV and DVD/BD recorders, connected to the Internet
    4. Other products with UPnP functions implemented

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 1.6.18

For devices using libupnp without this patch, apply the workaround first.

  • Workaround:
    • Deploy firewall rules to block access from the Internet to port 1900/udp.
    • Disable UPnP on the device.
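
To sort an inventory into devices that need the update or the workaround, the version rule above (1.6.17 and prior affected, 1.6.18 fixed) can be applied to the SERVER header of recorded SSDP responses. This is an added example, not part of the original advisory; it assumes the device reports the SDK's default `Portable SDK for UPnP devices/<version>` banner, and the sample responses and addresses are constructed.

```python
import re

FIXED = (1, 6, 18)  # first fixed release named in this advisory

# Assumption: the device keeps the SDK's default SERVER banner,
# "<OS>/<ver>, UPnP/1.0, Portable SDK for UPnP devices/<x.y.z>"; vendors can change it.
_SDK_RE = re.compile(r"Portable SDK for UPnP devices/\s*(\d+(?:\.\d+)*)", re.I)

def parse_headers(raw: bytes) -> dict:
    """Parse an SSDP (HTTP-over-UDP) message into a lower-cased header dict."""
    headers = {}
    for line in raw.decode("latin-1").split("\r\n")[1:]:  # skip the start line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def libupnp_version(raw: bytes):
    """Return the advertised libupnp version as a tuple, or None if absent."""
    m = _SDK_RE.search(parse_headers(raw).get("server", ""))
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # treat "1.6" as 1.6.0
    return tuple(parts)

def classify(raw: bytes) -> str:
    """'affected' (<= 1.6.17), 'fixed' (>= 1.6.18) or 'unknown' (no banner)."""
    version = libupnp_version(raw)
    if version is None:
        return "unknown"  # no banner is not proof that the device is safe
    return "affected" if version < FIXED else "fixed"

# Constructed sample responses (not captured from real devices).
_HEAD = b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nSERVER: "
_TAIL = b"\r\nST: upnp:rootdevice\r\n\r\n"
SAMPLES = {
    "192.0.2.10": _HEAD + b"Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6" + _TAIL,
    "192.0.2.11": _HEAD + b"Linux/3.0.8, UPnP/1.0, Portable SDK for UPnP devices/1.6.17" + _TAIL,
    "192.0.2.12": _HEAD + b"Linux/3.2.0, UPnP/1.0, Portable SDK for UPnP devices/1.6.18" + _TAIL,
    "192.0.2.13": _HEAD + b"ExampleOS/1.0 UPnP/1.0 ExampleStack/2.0" + _TAIL,
}

def audit(samples: dict) -> dict:
    return {host: classify(raw) for host, raw in samples.items()}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLES).items():
        print(host, verdict)
```

Devices reported as "unknown" still need a manual check against the vendor's firmware notes, since a changed or missing banner says nothing about the library version underneath.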

Best practice of security

  • As a security best practice, do not enable features or functions that you do not require. If you are not sure whether you need UPnP, you can follow the steps in the workaround section for some time to verify.

Vulnerability Identifier


Source


Related Link