Overview
The Portable SDK (Software Development Kit) for UPnP (Universal Plug and Play) Devices, also known as the libupnp library, is an open-source project that allows developers to build UPnP devices and control point applications. UPnP is a protocol that facilitates seamless communication between network-enabled devices and computers. UPnP support is enabled by default on tens of millions of systems, a good number of which are connected to the Internet. Affected versions of the Portable SDK for UPnP Devices have buffer overflow vulnerabilities that could let attackers run arbitrary code on affected devices.
Details
The CVE-2012-5958 vulnerability exists because of how the libupnp library handles malicious Simple Service Discovery Protocol (SSDP) requests. The weakness is in the SSDP unique_service_name function. It enables a remote attacker to run arbitrary code via specially crafted UDP packets, which are not handled securely after a certain pointer subtraction. The result is a stack-based buffer overflow, which can lead to denial of service (DoS) and remote code execution against the vulnerable applications. The vulnerability may be exploited without any form of authentication.
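The class of bug described above, shown as an added illustration that is not libupnp's code: a length obtained by pointer subtraction over untrusted input is used to copy into a fixed-size stack buffer, next to a hardened form that validates the length first. The function names, the `::` delimiter and the 32-byte buffer are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32 /* constructed buffer size, not libupnp's */

/* Unsafe pattern: n comes from a pointer subtraction over untrusted input
 * and is never compared with the size of the destination buffer. */
int extract_field_unsafe(const char *msg, char out[FIELD_MAX])
{
    const char *end = strstr(msg, "::"); /* hypothetical delimiter */
    if (end == NULL)
        return -1;
    size_t n = (size_t)(end - msg);
    memcpy(out, msg, n); /* writes past out when n >= FIELD_MAX */
    out[n] = '\0';
    return 0;
}

/* Hardened form: same parsing, but the computed length is validated
 * against the destination size (leaving room for the terminator). */
int extract_field_checked(const char *msg, char *out, size_t out_size)
{
    if (msg == NULL || out == NULL || out_size == 0)
        return -1;
    const char *end = strstr(msg, "::");
    if (end == NULL)
        return -1; /* malformed: delimiter missing */
    size_t n = (size_t)(end - msg);
    if (n >= out_size)
        return -2; /* too long: reject instead of truncating silently */
    memcpy(out, msg, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char field[FIELD_MAX];
    char long_msg[128];
    memset(long_msg, 'A', 100); /* constructed oversized input */
    memcpy(long_msg + 100, "::x", 4);
    printf("short: %d\n", extract_field_checked("uuid:dev-1::x", field, sizeof field));
    printf("long:  %d\n", extract_field_checked(long_msg, field, sizeof field));
    return 0;
}
```

Rejecting the oversized field outright, rather than truncating it, keeps malformed discovery messages from being processed further.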
Affected Environments
Libupnp versions before 1.6.18
Remediation
Disable UPnP on every Internet-facing system. Implement hardening rules when setting up wireless devices, such as requiring authentication credentials to log in and disabling “Guest” access.
Prevention
Migrate your applications and devices to libupnp v1.6.18 or higher.