Bug 1172700 (CVE-2020-12695)

Summary: VUL-0: CVE-2020-12695: hostapd: UPnP SUBSCRIBE misbehavior WPS AP
Product: [openSUSE] openSUSE Distribution Reporter: Alexander Bergmann <abergmann>
Component: BasesystemAssignee: Clemens Famulla-Conrad <cfamullaconrad>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: cfamullaconrad
Version: Leap 15.2   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/260921/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2020-06-09 07:33:43 UTC 
CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not
forbid the acceptance of a subscription request with a delivery URL on a
different network segment than the fully qualified event-subscription URL, aka
the CallStranger issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12695
http://www.openwall.com/lists/oss-security/2020/06/08/2
http://seclists.org/oss-sec/2020/q2/173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12695
https://github.com/yunuscadirci/CallStranger
https://www.callstranger.com
https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
https://www.kb.cert.org/vuls/id/339275
Comment 1 Clemens Famulla-Conrad 2020-10-28 10:20:41 UTC 
Tumbleweed: https://build.opensuse.org/request/show/838564
Comment 2 Clemens Famulla-Conrad 2021-02-10 08:26:15 UTC 
Fixed with version hostapd-2.9-69.18
Comment 3 OBSbugzilla Bot 2021-04-07 10:20:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1172700) was mentioned in
https://build.opensuse.org/request/show/883563 15.2 / hostapd
https://build.opensuse.org/request/show/883564 15.3 / hostapd
Comment 4 OBSbugzilla Bot 2021-04-07 14:20:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1172700) was mentioned in
https://build.opensuse.org/request/show/883614 Backports:SLE-15-SP3 / hostapd
Comment 5 Swamp Workflow Management 2021-04-09 04:17:46 UTC 
openSUSE-SU-2021:0519-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1150934,1172700,1184348
CVE References: CVE-2019-16275,CVE-2020-12695,CVE-2021-30004
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    hostapd-2.9-lp152.2.3.1
Comment 6 Swamp Workflow Management 2021-04-12 13:18:24 UTC 
openSUSE-SU-2021:0545-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1150934,1172700,1184348
CVE References: CVE-2019-16275,CVE-2020-12695,CVE-2021-30004
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    hostapd-2.9-bp152.2.3.1