DebianDEBIAN:DLA-454-1:AC1FD[SECURITY] [DLA 454-1] minissdpd security update
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Package : minissdpd
Version : 1.1.20120121-1+deb7u1
CVE ID : CVE-2016-3178 CVE-2016-3179
The minissdpd daemon contains a improper validation of array index
vulnerability (CWE-129) when processing requests sent to the Unix
socket at /var/run/minissdpd.sock the Unix socket can be accessed
by an unprivileged user to send invalid request causes an
out-of-bounds memory access that crashes the minissdpd daemon.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | i386 | minissdpd | < 1.2.20130907-3+deb8u1 | minissdpd_1.2.20130907-3+deb8u1_i386.deb |
| Debian | 8 | powerpc | minissdpd | < 1.2.20130907-3+deb8u1 | minissdpd_1.2.20130907-3+deb8u1_powerpc.deb |
| Debian | 8 | s390x | minissdpd | < 1.2.20130907-3+deb8u1 | minissdpd_1.2.20130907-3+deb8u1_s390x.deb |
| Debian | 7 | all | minissdpd | < 1.1.20120121-1+deb7u1 | minissdpd_1.1.20120121-1+deb7u1_all.deb |
| Debian | 8 | mipsel | minissdpd | < 1.2.20130907-3+deb8u1 | minissdpd_1.2.20130907-3+deb8u1_mipsel.deb |
| Debian | 7 | armhf | minissdpd | < 1.1.20120121-1+deb7u1 | minissdpd_1.1.20120121-1+deb7u1_armhf.deb |
| Debian | 8 | all | minissdpd | < 1.2.20130907-3+deb8u1 | minissdpd_1.2.20130907-3+deb8u1_all.deb |
| Debian | 8 | amd64 | minissdpd | < 1.2.20130907-3+deb8u1 | minissdpd_1.2.20130907-3+deb8u1_amd64.deb |
| Debian | 8 | arm64 | minissdpd | < 1.2.20130907-3+deb8u1 | minissdpd_1.2.20130907-3+deb8u1_arm64.deb |
| Debian | 7 | amd64 | minissdpd | < 1.1.20120121-1+deb7u1 | minissdpd_1.1.20120121-1+deb7u1_amd64.deb |
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%