Author Topic: [EN] security: Millions of devices vulnerable via UPnP (Read 3588 times)

michaa7 · « **on:** 2013/02/01, 14:04:15 »

Read:
http://www.h-online.com/security/news/item/Millions-of-devices-vulnerable-via-UPnP-Update-1794032.html

Scan:
http://upnp-check.rapid7.com/

vilde · « **Reply #1 on:** 2013/02/01, 16:14:54 »

I have no idea how good this online scanners are but I used above link and also checked everything with GRC | ShieldsUP! — Internet Vulnerability Profiling, https://www.grc.com/x/ne.dll?bh0bkyd2 And no security holes where found.

DeepDayze · « **Reply #2 on:** 2013/02/02, 02:22:30 »

Same here as I have a Pace router from ATT and no issues found

devil · « **Reply #3 on:** 2013/02/02, 12:04:31 »

a new version of libupnp came in tonight, adressing this issue.
Changelog:

Code: [Select]

libupnp (1:1.6.17-1.2) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix
    various stack-based buffer overflows in service_unique_name() function.
    This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
    CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699316

greetz
devil

Author Topic: [EN] security: Millions of devices vulnerable via UPnP (Read 3588 times)

michaa7

[EN] security: Millions of devices vulnerable via UPnP

vilde

security: Millions of devices vulnerable via UPnP

DeepDayze

security: Millions of devices vulnerable via UPnP

devil

security: Millions of devices vulnerable via UPnP