Your message dated Tue, 09 Dec 2014 15:24:22 +0000
with message-id <[email protected]>
and subject line Bug#772644: fixed in miniupnpd 1.8.20140523-4
has caused the Debian Bug report #772644,
regarding MiniUPnPd is vulnerable to DNS rebinding attacks
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
772644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772644
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: miniupnpd
Version: 1.8.20140523-3
Severity: grave
Tags: security patch
Stephen Röttger from Google did a security audit of MiniUPnPd, and found a few
issues, all now fixed upstream.
Extract from private messages that were forwarded to me (but which are fine to
disclose since there are already some public commits):
> MiniUPnP is vulnerable to DNS rebinding attacks which allows an attacker to
> trigger upnp actions through a malicious website. Wikipedia describes the
> attack quite well: http://en.wikipedia.org/wiki/DNS_rebinding.
> To mitigate this attack, MiniUPnP should check if the request's host header
> either contains an IP address or the hostname of the device.
>
> Besides that, I found a few memory corruption vulnerabilities in the code.
Fixes:
https://github.com/miniupnp/miniupnp/commit/d00b75782e7d73e78d0b935cee6f4873bc48c9e8
https://github.com/miniupnp/miniupnp/commit/7c91c4e933e96b913b72685d093126d282b87db6
Some memory corruption fix:
https://github.com/miniupnp/miniupnp/commit/e6bc04aa06341fa4df3ccae87a167e9adf816911
A buffer overrun in ParseHttpHeaders() fix:
https://github.com/miniupnp/miniupnp/commit/dd39ecaa935a9c23176416b38a3b80d577f21048
Added check if BuildHeader_upnphttp() failed to allocate memory:
https://github.com/miniupnp/miniupnp/commit/ec94c5663fe80dd6ceea895c73e2be66b1ef6bf4
I'm following up with an upload in a few minutes.
Cheers,
Thomas Goirand (zigo)
--- End Message ---
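As an added illustration (this is not the upstream fix, nor code from the report or the linked commits), the following C function performs the Host-header check that the quoted audit note describes as the mitigation: a request is served only if the Host value, minus any port, is a literal IPv4/IPv6 address or the device's own hostname. In a DNS rebinding attack the browser still sets Host to the attacker's domain name (the one the page was loaded from), so the request is rejected even though the name now resolves to the device. The device hostname gateway.lan, the helper names and the sample requests are assumptions made for this example.

```c
/* Added example, not MiniUPnPd code: Host-header validation against DNS
 * rebinding. A request is accepted only when the Host value, without its
 * port, is a literal IP address or the device's configured hostname.
 * The hostname "gateway.lan" and all helper names are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hostname the device answers to; assumed for the example. */
static const char *device_hostname = "gateway.lan";

/* Case-insensitive "does s (of length len) start with prefix". */
static int ci_prefix(const char *s, size_t len, const char *prefix) {
    size_t n = strlen(prefix);
    if (len < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i])) return 0;
    return 1;
}

/* Case-insensitive full-string equality (DNS names are case-insensitive). */
static int ci_equal(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == '\0' && *b == '\0';
}

/* Return 1 if host is a literal IPv4 or IPv6 address (strict parsing). */
static int is_ip_literal(const char *host) {
    unsigned char buf[16];
    return inet_pton(AF_INET, host, buf) == 1 || inet_pton(AF_INET6, host, buf) == 1;
}

/* Copy the trimmed value of the Host: header into out. Returns 0 when the
 * header is absent or too long for out, so the caller rejects the request. */
static int get_host_header(const char *request, char *out, size_t outlen) {
    const char *p = request;
    while (*p) {
        const char *eol = strpbrk(p, "\r\n");
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (ci_prefix(p, len, "Host:")) {
            const char *v = p + 5, *end = p + len;
            while (v < end && isspace((unsigned char)*v)) v++;
            while (end > v && isspace((unsigned char)end[-1])) end--;
            if ((size_t)(end - v) >= outlen) return 0;
            memcpy(out, v, (size_t)(end - v));
            out[end - v] = '\0';
            return 1;
        }
        if (!eol) break;
        p = eol;
        while (*p == '\r' || *p == '\n') p++;
    }
    return 0;
}

/* Decide whether a raw HTTP request may be served: 1 = allowed, 0 = rejected. */
int host_header_allowed(const char *request) {
    char host[256];
    if (!get_host_header(request, host, sizeof host)) return 0; /* HTTP/1.1 requires Host */
    char *h = host;
    if (h[0] == '[') {                       /* "[v6-literal]:port" form */
        char *close = strchr(h, ']');
        if (!close) return 0;
        *close = '\0';
        h++;
    } else {
        char *colon = strchr(h, ':');        /* strip ":port" */
        if (colon) *colon = '\0';
    }
    if (is_ip_literal(h)) return 1;
    return ci_equal(h, device_hostname);
}

int main(void) {
    /* Constructed sample requests, not captured traffic. */
    const char *lan_client =
        "POST /ctl/IPConn HTTP/1.1\r\nHost: 192.168.1.1:5000\r\nContent-Type: text/xml\r\n\r\n";
    const char *rebound =
        "POST /ctl/IPConn HTTP/1.1\r\nHost: attacker.example:5000\r\nContent-Type: text/xml\r\n\r\n";
    printf("LAN client (IP literal in Host): %s\n",
           host_header_allowed(lan_client) ? "allowed" : "rejected");
    printf("rebinding attack (attacker name in Host): %s\n",
           host_header_allowed(rebound) ? "allowed" : "rejected");
    return 0;
}
```

The check works because the Host header is the one request attribute the attacking page cannot control: it is filled in from the URL the browser fetched, which is the attacker's name, not the device's address. Deployments with no configured hostname can drop the hostname branch and accept IP literals only; a missing or over-long Host header is rejected rather than tolerated.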
--- Begin Message ---
Source: miniupnpd
Source-Version: 1.8.20140523-4
We believe that the bug you reported is fixed in the latest version of
miniupnpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated miniupnpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 09 Dec 2014 22:29:04 +0800
Source: miniupnpd
Binary: miniupnpd
Architecture: source amd64
Version: 1.8.20140523-4
Distribution: unstable
Urgency: high
Maintainer: Thomas Goirand <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
miniupnpd - UPnP and NAT-PMP daemon for gateway routers
Closes: 772644
Changes:
miniupnpd (1.8.20140523-4) unstable; urgency=high
.
* Fixes multiple vulnerabilities (Closes: #772644).
Checksums-Sha1:
7c99b4f3e625eadba029ffa6c296a0d692f6a952 1923 miniupnpd_1.8.20140523-4.dsc
f85e7e9a43e72f2fab3c24736beb31cc6c61fee7 17224 miniupnpd_1.8.20140523-4.debian.tar.xz
3e9fb3de77c0707abd230833e527ed86fe1b2eb3 84254 miniupnpd_1.8.20140523-4_amd64.deb
Checksums-Sha256:
d5d040c188609f8f02c67c7f45562697d4cd0631077a1e43fd3a1773195d2484 1923 miniupnpd_1.8.20140523-4.dsc
f256de94d0adde40eddd65430c54512d106ccfa200dfb3032ecbc78a4271fd2e 17224 miniupnpd_1.8.20140523-4.debian.tar.xz
33945fbfb594000e6b6bb4a0d6568d2571ba0490db1023a9cb673d0d51b0827c 84254 miniupnpd_1.8.20140523-4_amd64.deb
Files:
7b49f982edececb1a06d1df0c5919095 1923 net optional miniupnpd_1.8.20140523-4.dsc
bcc5630370db874263dd6fee72f30326 17224 net optional miniupnpd_1.8.20140523-4.debian.tar.xz
ff547b42e61bab5915b094ddecaa8a59 84254 net optional miniupnpd_1.8.20140523-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

=7Urk
-----END PGP SIGNATURE-----
--- End Message ---