Date: Tue, 9 Dec 2014 21:32:59 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: MiniUPnPd: several issues

Hi

Quoting from the Bug in the Debian bugtracker at
https://bugs.debian.org/772644 several issues were found in
MiniUPnP:

On Tue, Dec 09, 2014 at 10:20:32PM +0800, Thomas Goirand wrote:
> Stephen Röttger from Google did a security audit of MiniUPnPd, and found a few
> issues, all now fixed upstream.
> 
> Extract from private messages which were forwarded to me (but which is fine to
> disclose since there are already some public commits).
> 
> > MiniUPnP is vulnerable to DNS rebinding attacks which allows an attacker to
> > trigger upnp actions through a malicious website. Wikipedia describes the
> > attack quite well: http://en.wikipedia.org/wiki/DNS_rebinding.
> > To mitigate this attack, MiniUPnP should check if the request's host header
> > either contains an IP address or the hostname of the device.
> > 
> > Besides that, I found a few memory corruption vulnerabilities in the code.
> 
> Fixes:
> 
> https://github.com/miniupnp/miniupnp/commit/d00b75782e7d73e78d0b935cee6f4873bc48c9e8
> https://github.com/miniupnp/miniupnp/commit/7c91c4e933e96b913b72685d093126d282b87db6
> 
> Some memory corruption fix:
> 
> https://github.com/miniupnp/miniupnp/commit/e6bc04aa06341fa4df3ccae87a167e9adf816911
> 
> A buffer overrun in ParseHttpHeaders() fix:
> 
> https://github.com/miniupnp/miniupnp/commit/dd39ecaa935a9c23176416b38a3b80d577f21048
> 
> Added check if BuildHeader_upnphttp() failed to allocate memory:
> 
> https://github.com/miniupnp/miniupnp/commit/ec94c5663fe80dd6ceea895c73e2be66b1ef6bf4

Can CVEs be assigned for these issues?

Regards,
Salvatore
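
The Host header check proposed in the quoted report as the DNS rebinding mitigation, sketched as an added example that is not part of the original message and is not MiniUPnPd's code (the linked upstream commits are the actual fix). The function name and the `device_name` parameter are hypothetical.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Return 1 if a Host header value is an IP literal or the device's own name
 * (device_name is a hypothetical parameter), else 0. ":port" is optional. */
int host_header_is_allowed(const char *host, const char *device_name)
{
    char buf[256], *sep, *end;
    unsigned char addr[sizeof(struct in6_addr)];
    const char *port = NULL;
    size_t len;
    long p;

    if (host == NULL || (len = strlen(host)) == 0 || len >= sizeof(buf))
        return 0;                       /* missing or oversized: reject */
    memcpy(buf, host, len + 1);

    if (buf[0] == '[') {                /* [IPv6] or [IPv6]:port */
        sep = strchr(buf, ']');
        if (sep == NULL || (sep[1] != ':' && sep[1] != '\0'))
            return 0;
        if (sep[1] == ':')
            port = sep + 2;
        *sep = '\0';
        if (inet_pton(AF_INET6, buf + 1, addr) != 1)
            return 0;
    } else {                            /* IPv4 or name, optional :port */
        sep = strchr(buf, ':');
        if (sep != NULL) {
            *sep = '\0';
            port = sep + 1;
        }
        if (inet_pton(AF_INET, buf, addr) != 1 &&
            (device_name == NULL || buf[0] == '\0' ||
             strcasecmp(buf, device_name) != 0))
            return 0;                   /* foreign name: possible rebinding */
    }
    if (port != NULL) {                 /* digits only, 1..65535 */
        if (*port < '0' || *port > '9')
            return 0;
        p = strtol(port, &end, 10);
        if (*end != '\0' || p < 1 || p > 65535)
            return 0;
    }
    return 1;
}
```

A request whose Host value fails this check would be rejected before any UPnP action is dispatched; a rebinding page reaches the device under the attacker's own DNS name, which is neither an IP literal nor the device's name.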
