
CVE-2012-5958

Date: January 31, 2013

Overview

The Portable SDK (Software Development Kit) for UPnP (Universal Plug and Play) Devices is an open-source project that allows developers to build UPnP devices and control point applications. It is also called the libupnp library. UPnP is a protocol that facilitates seamless communication between network-enabled devices and computers. UPnP support is enabled by default on tens of millions of systems, a good number of which are connected to the Internet. Affected versions of the Portable SDK for UPnP Devices have buffer overflow vulnerabilities that could let attackers run arbitrary code on affected devices.

Details

The CVE-2012-5958 vulnerability stems from how the libupnp library handles malicious Simple Service Discovery Protocol (SSDP) requests. The weakness is in the SSDP unique_service_name function. A remote attacker can send specially crafted UDP packets that are not handled securely after a certain pointer subtraction, causing a stack-based buffer overflow that can lead to DoS and remote code execution against vulnerable applications. The vulnerability may be exploited without any form of authentication.
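The bug class described above (a length obtained by pointer subtraction and then used for a copy into a fixed-size stack buffer) is illustrated by the following added example, which is not libupnp's code. The names split_usn, try_oversized and UDN_MAX are hypothetical and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#define UDN_MAX 64 /* assumed destination size, chosen for this example */
/* Unsafe shape, shown as a comment only:
 *     char udn[UDN_MAX];
 *     size_t n = strstr(usn, "::") - usn;   // length comes from the packet
 *     strncpy(udn, usn, n);                 // n is never compared to UDN_MAX
 */

/* Hypothetical helper: split "udn::type" into two caller-supplied buffers.
 * Returns 0 on success, -1 if either part would not fit (nothing is copied). */
int split_usn(const char *usn, char *udn, size_t udn_sz,
              char *type, size_t type_sz)
{
    const char *sep;
    size_t head, tail;
    if (!usn || !udn || !type || udn_sz == 0 || type_sz == 0)
        return -1;
    udn[0] = type[0] = '\0';
    sep = strstr(usn, "::");
    head = sep ? (size_t)(sep - usn) : strlen(usn);
    tail = sep ? strlen(sep + 2) : 0;
    if (head >= udn_sz || tail >= type_sz)
        return -1;                 /* reject before any write happens */
    memcpy(udn, usn, head);
    udn[head] = '\0';
    if (tail)
        memcpy(type, sep + 2, tail);
    type[tail] = '\0';
    return 0;
}

/* Constructed oversized input: 300 bytes before the "::" separator. */
int try_oversized(void)
{
    char usn[320], udn[UDN_MAX], type[UDN_MAX];
    memset(usn, 'A', 300);
    memcpy(usn + 300, "::x", 4);
    return split_usn(usn, udn, sizeof udn, type, sizeof type);
}

int main(void)
{
    char udn[UDN_MAX], type[UDN_MAX];
    int rc = split_usn("uuid:constructed-0001::upnp:rootdevice",
                       udn, sizeof udn, type, sizeof type);
    printf("rc=%d udn=%s type=%s oversized=%d\n", rc, udn, type, try_oversized());
    return 0;
}
```

The length check runs on the subtraction result before any byte is written, so an oversized field is rejected instead of truncated or copied past the buffer.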

Affected Environments

Libupnp versions before 1.6.18

Remediation

Disable UPnP on every Internet-facing system. Implement hardening rules when setting up wireless devices, such as requiring authentication credentials to log in and disabling “Guest” access.

Prevention

Migrate your applications and devices to use libupnp v1.6.18 or higher.

Language: C

Good to know:


Buffer Errors

CWE-119

Upgrade Version

Upgrade to version release-1.8.0


Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete