Package: libupnp4
Severity: grave
Tags: security
More information is available at bug #699316 (including a patch). According to bug #699351, these security problems are also found in libupnp4.

Here's the original posting by Salvatore Bonaccorso <car...@debian.org>:

Hi,

the following vulnerabilities were published for libupnp.

CVE-2012-5958[0]: Stack buffer overflow of Tempbuf
CVE-2012-5959[1]: Stack buffer overflow of Event->UDN
CVE-2012-5960[2]: Stack buffer overflow of Event->UDN
CVE-2012-5961[3]: Stack buffer overflow of Evt->UDN
CVE-2012-5962[4]: Stack buffer overflow of Evt->DeviceType
CVE-2012-5963[5]: Stack buffer overflow of Event->UDN
CVE-2012-5964[6]: Stack buffer overflow of Event->DeviceType
CVE-2012-5965[7]: Stack buffer overflow of Event->DeviceType

Upstream changelog for 1.6.18 states:

*******************************************************************************
Version 1.6.18
*******************************************************************************

2012-12-06 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

    Security fix for CERT issue VU#922681

    This patch addresses three possible buffer overflows in function
    unique_service_name(). The three issues have the following CVE numbers:

    CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
    CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
    CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN

    Notice that the following issues have already been dealt by previous work:

    CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
    CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType
    CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
    CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType
    CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958
    http://security-tracker.debian.org/tracker/CVE-2012-5958
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959
    http://security-tracker.debian.org/tracker/CVE-2012-5959
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
    http://security-tracker.debian.org/tracker/CVE-2012-5960
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961
    http://security-tracker.debian.org/tracker/CVE-2012-5961
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962
    http://security-tracker.debian.org/tracker/CVE-2012-5962
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963
    http://security-tracker.debian.org/tracker/CVE-2012-5963
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964
    http://security-tracker.debian.org/tracker/CVE-2012-5964
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965
    http://security-tracker.debian.org/tracker/CVE-2012-5965

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
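The CVEs above all describe the same bug class: fixed-size stack buffers (the Tempbuf, Event->UDN and Event->DeviceType fields named in the report) filled from attacker-controlled SSDP header values without a length check. The following is an added illustration of the hardened pattern, not libupnp's code and not the patch attached to bug #699316; the struct, the field sizes, the function names and the assumed "uuid:<udn>::urn:<domain>:device:<type>:<ver>" layout of a USN/ST value are all assumptions made for this example. The point it shows is that every copy into a fixed buffer is bounded by the destination size and that oversized input is rejected instead of truncated or overflowed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Illustrative sizes only; libupnp's real fields and limits differ. */
#define UDN_SIZE      64
#define DEVTYPE_SIZE  64

/* Stand-in for the event structure the bug report refers to as Event/Evt. */
struct ssdp_event {
    char udn[UDN_SIZE];
    char device_type[DEVTYPE_SIZE];
};

/* Copy [src, src+len) into dst and NUL-terminate, but only if it fits.
 * Returns 0 on success, -1 if the field is too long for dst.  An unbounded
 * strcpy()/memcpy() here is exactly the stack overflow class reported above. */
static int copy_field(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len >= dst_size)          /* need room for the terminator too */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse a USN/ST value of the assumed form
 *   uuid:<udn>::urn:<domain>:device:<type>:<ver>
 * into ev.  Returns 0 on success, -1 on malformed or oversized input.
 * Hypothetical function, not libupnp's unique_service_name(). */
int parse_usn(const char *usn, struct ssdp_event *ev)
{
    static const char prefix[] = "uuid:";
    const size_t plen = sizeof prefix - 1;
    const char *udn_start, *sep, *rest;
    size_t udn_len;

    if (strncmp(usn, prefix, plen) != 0)
        return -1;
    udn_start = usn + plen;
    sep = strstr(udn_start, "::");
    udn_len = sep ? (size_t)(sep - udn_start) : strlen(udn_start);
    if (udn_len == 0)
        return -1;
    if (copy_field(ev->udn, sizeof ev->udn, udn_start, udn_len) != 0)
        return -1;                /* UDN would overflow: reject, do not truncate */

    if (!sep) {                   /* bare uuid: value, no device type present */
        ev->device_type[0] = '\0';
        return 0;
    }
    rest = sep + 2;
    if (strncmp(rest, "urn:", 4) != 0)
        return -1;
    if (copy_field(ev->device_type, sizeof ev->device_type, rest, strlen(rest)) != 0)
        return -1;                /* device type would overflow: reject */
    return 0;
}

/* Constructed input: a well-formed value parses and both fields are recovered. */
int demo_well_formed(void)
{
    struct ssdp_event ev;
    const char *usn = "uuid:2fac1234-31f8-11b4-a222-08002b34c003"
                      "::urn:schemas-upnp-org:device:MediaServer:1";
    if (parse_usn(usn, &ev) != 0)
        return 0;
    return strcmp(ev.udn, "2fac1234-31f8-11b4-a222-08002b34c003") == 0 &&
           strcmp(ev.device_type, "urn:schemas-upnp-org:device:MediaServer:1") == 0;
}

/* Constructed input: a UDN far longer than the buffer is refused, not copied. */
int demo_oversized_udn(void)
{
    char usn[512];
    struct ssdp_event ev;
    memset(usn, 'A', sizeof usn);
    memcpy(usn, "uuid:", 5);
    usn[sizeof usn - 1] = '\0';
    return parse_usn(usn, &ev) == -1;
}

/* Constructed input: a device type longer than the buffer is refused as well. */
int demo_oversized_device_type(void)
{
    char usn[512];
    struct ssdp_event ev;
    memset(usn, 'B', sizeof usn);
    memcpy(usn, "uuid:abc::urn:", 14);
    usn[sizeof usn - 1] = '\0';
    return parse_usn(usn, &ev) == -1;
}

int main(void)
{
    printf("well-formed parses:         %d\n", demo_well_formed());
    printf("oversized UDN rejected:     %d\n", demo_oversized_udn());
    printf("oversized devtype rejected: %d\n", demo_oversized_device_type());
    return 0;
}
```

When auditing a package for this class of bug, the check to make is the one copy_field() performs: every write into a fixed-size buffer on the stack must compare the source length against sizeof the destination before copying, and the error path must be "drop the packet", not "copy what fits". A build with -fstack-protector-strong or AddressSanitizer will turn the overflow into a crash during fuzzing of SSDP M-SEARCH/NOTIFY input, which is a useful regression check once the patch from bug #699316 is applied.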