Информационная безопасность
[RU] switch to English


Ошибка форматной строки в маршрутизаторах на чипсете Broadcom
дополнено с 4 февраля 2013 г.
Опубликовано:11 февраля 2013 г.
Источник:
SecurityVulns ID:12852
Тип:библиотека
Уровень опасности:
8/10
Описание:Ошибка форматной строки в стеке UPnP
Затронутые продукты:CISCO : Linksys WRT54GL
 LIBUPNP : libupnp 1.3
 LIBUPNP : libupnp 1.6
CVE:CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.)
 CVE-2012-5964 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet.)
 CVE-2012-5963 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.)
 CVE-2012-5962 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet.)
 CVE-2012-5961 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.)
 CVE-2012-5960 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.)
 CVE-2012-5959 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.)
 CVE-2012-5958 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.)
Оригинальный текстdocumentdefensecode_(at)_defensecode.com, DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up (11.02.2013)
 documentdefensecode_(at)_defensecode.com, DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability (04.02.2013)
Файлы:Vulnerability Note VU#922681 Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород