Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : ReadyMedia (MiniDLNA) vulnerabilities (USN-4722-1)

Description

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4722-1 advisory.

- The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695)

- ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. (CVE-2020-28926)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

