Main Vulnerability Database SB2017030730

SB2017030730 - Fedora 26 update for libupnp

Published: March 7, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017030730

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Heap-based buffer overflow (CVE-ID: CVE-2016-8863)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21. A remote attacker can use a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Improper access control (CVE-ID: CVE-2016-6255)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2017-23535a31f8