Bug 989948 - (CVE-2016-6255) VUL-0: CVE-2016-6255 libupnp: Unhandled POSTs can write to the filesystem by default
(CVE-2016-6255)
VUL-0: CVE-2016-6255 libupnp: Unhandled POSTs can write to the filesystem by ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.1
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/171164/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-07-21 09:28 UTC by Johannes Segitz
Modified: 2017-06-05 01:09 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-07-21 09:28:24 UTC
rh#1358612

A vulnerability was found in libupnp. If there's no registered handler for a POST request, the default behaviour is to write it to the filesyste. This allows attacker to store arbitrary data on deployed devices.

Fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1358612
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6255
http://seclists.org/oss-sec/2016/q3/118
Comment 1 Swamp Workflow Management 2016-07-21 22:00:56 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2017-05-26 19:05:34 UTC
Submitted version update to 1.6.21, should be binary compatible.
Comment 3 Bernhard Wiedemann 2017-05-26 20:00:40 UTC
This is an autogenerated message for OBS integration:
This bug (989948) was mentioned in
https://build.opensuse.org/request/show/498521 42.2 / libupnp
Comment 4 Andreas Stieger 2017-06-04 19:14:41 UTC
release, done
Comment 5 Swamp Workflow Management 2017-06-05 01:09:31 UTC
openSUSE-SU-2017:1485-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1006256,898167,989948
CVE References: CVE-2016-6255,CVE-2016-8863
Sources used:
openSUSE Leap 42.2 (src):    libupnp-1.6.21-4.3.1