Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2012-5958

Date: January 31, 2013

Overview

The Portable SDK (Software Development Kit) for UPnP (Universal Plug and Play) Devices is an open-source project that allows developers to build UPnP devices and control point applications. It is also called the libupnp library. UPnP is a protocol that facilitates seamless communication between network-enabled devices and computers. UPnP support is enabled by default on tens of millions of systems, of which a good number of them are connected to the Internet. Affected versions of the Portable SDK for UPnP Devices have buffer overflow vulnerabilities that could let attackers run arbitrary code on affected devices.

Details

The CVE-2012-5958 vulnerability exists because of how malicious Simple Service Discovery Protocol (SSDP) requests are handled in the libupnp library. The weakness affects the SSDP’s unique_service_name function. This vulnerability enables a remote attacker to run arbitrary code via specially crafted UDP packets, which are not handled securely after a certain pointer subtraction. This could cause stack-based buffer overflow attacks, leading to DoS attacks and remote code execution against the vulnerable applications. This vulnerability may be exploited without requiring any form of authentication.

Affected Environments

Libupnp versions before 1.6.18

Remediation

Disable UPnP on every Internet-facing system. Implement hardening rules when setting up wireless devices, such as requiring authentication credentials to log in and disabling “Guest” access.

Prevention

Migrate your applications and devices to use libupnp v1.6.18 or higher

Language: C

Good to know:

icon
icon

Buffer Errors

CWE-119
icon

Upgrade Version

Upgrade to version release-1.8.0

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional information:

Related Resources (21)

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037
http://www.debian.org/security/2013/dsa-2614
https://nvd.nist.gov/vuln/detail/CVE-2012-5958
http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf
http://www.debian.org/security/2013/dsa-2615
https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5958
http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf
http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098
https://www.tenable.com/security/research/tra-2017-10
http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
http://www.securityfocus.com/bid/57602
http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html
http://pupnp.sourceforge.net/ChangeLog
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
http://www.kb.cert.org/vuls/id/922681
https://www.mend.io/vulnerability-database/CVE-2012-5958