Lucene search
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2013-098.NASLHistoryApr 20, 2013 - 12:00 a.m.
Mandriva Linux Security Advisory : libupnp (MDVSA-2013:098)
2013-04-2000:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
Updated libupnp packages fix security vulnerabilities :
The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2013:098.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(66110);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2012-5958", "CVE-2012-5959", "CVE-2012-5960", "CVE-2012-5961", "CVE-2012-5962", "CVE-2012-5963", "CVE-2012-5964", "CVE-2012-5965");
script_bugtraq_id(57602);
script_xref(name:"MDVSA", value:"2013:098");
script_xref(name:"MGASA", value:"2013-0037");
script_name(english:"Mandriva Linux Security Advisory : libupnp (MDVSA-2013:098)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated libupnp packages fix security vulnerabilities :
The Portable SDK for UPnP Devices libupnp library contains multiple
buffer overflow vulnerabilities. Devices that use libupnp may also
accept UPnP queries over the WAN interface, therefore exposing the
vulnerabilities to the internet (CVE-2012-5958, CVE-2012-5959,
CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963,
CVE-2012-5964, CVE-2012-5965)."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Portable UPnP SDK unique_service_name() Remote Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ixml2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64threadutil6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64upnp-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64upnp6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_set_attribute(attribute:"patch_publication_date", value:"2013/04/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64ixml2-1.6.15-2.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64threadutil6-1.6.15-2.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64upnp-devel-1.6.15-2.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64upnp6-1.6.15-2.1.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | lib64ixml2 | p-cpe:/a:mandriva:linux:lib64ixml2 |
| mandriva | linux | lib64threadutil6 | p-cpe:/a:mandriva:linux:lib64threadutil6 |
| mandriva | linux | lib64upnp-devel | p-cpe:/a:mandriva:linux:lib64upnp-devel |
| mandriva | linux | lib64upnp6 | p-cpe:/a:mandriva:linux:lib64upnp6 |
| mandriva | business_server | 1 | cpe:/o:mandriva:business_server:1 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965
Related
nessus
nessus
Fedora 18 : mediatomb-0.12.1-23.fc18 (2013-2377)
2013-02-21 00:00:00
openSUSE Security Update : libupnp (openSUSE-SU-2013:0255-1)
2014-06-13 00:00:00
Fedora 16 : libupnp-1.6.18-1.fc16 (2013-1713)
2013-02-13 00:00:00
securityvulns
securityvulns
Broadcom chipset routers format string vulnerability
2013-02-11 00:00:00
debian
debian
[SECURITY] [DSA 2614-1] libupnp security update
2013-02-02 10:17:31
[SECURITY] [DSA 2615-1] libupnp4 security update
2013-02-02 11:22:39
openvas
openvas
Debian: Security Advisory (DSA-2615-1)
2013-01-31 00:00:00
Fedora Update for mediatomb FEDORA-2013-2377
2013-02-22 00:00:00
Fedora Update for mediatomb FEDORA-2013-2352
2013-02-22 00:00:00
attackerkb
attackerkb
UPnP unique_service_name Buffer Overflow
2013-01-31 00:00:00
cisco
cisco
Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
2013-01-29 20:00:00
cert
cert
freebsd
freebsd
upnp -- multiple vulnerabilities
2012-11-21 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: mediatomb-0.12.1-23.fc18
2013-02-21 05:32:14
[SECURITY] Fedora 17 Update: libupnp-1.6.18-1.fc17
2013-02-12 05:10:57
[SECURITY] Fedora 17 Update: mediatomb-0.12.1-23.fc17
2013-02-21 05:48:15
gentoo
gentoo
libupnp: Arbitrary code execution
2014-03-26 00:00:00
metasploit
metasploit
UPnP SSDP M-SEARCH Information Discovery
2010-11-09 06:24:32
prion
prion
debiancve
debiancve
cve
cve
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow (CVE-2012-5960)
2013-02-24 00:00:00
Portable SDK for UPnP Devices libupnp UUID Service Name Stack Buffer Overflow (CVE-2012-5959)
2013-02-21 00:00:00
Portable SDK for UPnP Root Device Buffer Overflow - Ver2 (CVE-2012-5960)
2018-06-25 00:00:00
packetstorm
packetstorm
libupnp 1.6.18 Denial Of Service
2020-11-26 00:00:00
zdt
zdt
libupnp 1.6.18 - Stack-based buffer overflow Exploit
2020-11-27 00:00:00
exploitdb
exploitdb
libupnp 1.6.18 - Stack-based buffer overflow (DoS)
2020-11-27 00:00:00
Related for MANDRIVA_MDVSA-2013-098.NASL