security: Millions of devices vulnerable via UPnP

michaa7 · 2013/02/01, 14:04:15

Read:
http://www.h-online.com/security/news/item/Millions-of-devices-vulnerable-via-UPnP-Update-1794032.html

Scan:
http://upnp-check.rapid7.com/

vilde · 2013/02/01, 16:14:54

I have no idea how good this online scanners are but I used above link and also checked everything with GRC | ShieldsUP! — Internet Vulnerability Profiling, https://www.grc.com/x/ne.dll?bh0bkyd2 And no security holes where found.

DeepDayze · 2013/02/02, 02:22:30

Same here as I have a Pace router from ATT and no issues found

devil · 2013/02/02, 12:04:31

a new version of libupnp came in tonight, adressing this issue.
Changelog:

Code Auswählen

libupnp (1:1.6.17-1.2) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * debian/patches/0001-Security-fix-for-CERT-issue-VU-922681 added, fix
    various stack-based buffer overflows in service_unique_name() function.
    This fix CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
    CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965. closes: #699316

greetz
devil

Siduction Forum

security: Millions of devices vulnerable via UPnP

michaa7

vilde

DeepDayze

devil