Main Vulnerability Database SB2021060156

SB2021060156 - Ubuntu update for gupnp

Published: June 1, 2021

Security Bulletin ID SB2021060156

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Reliance on Reverse DNS Resolution for a Security-Critical Action (CVE-ID: CVE-2021-33516)

The vulnerability allows a remote attacker to perform DNS rebinding attacks.

The vulnerability exists due to a logic issue in GUPnP. A remote attacker can trick a victim's browser into triggering actions against local UPnP services implemented using this library and gain access to sensitive information (e.g. data exfiltration) or tamper with data.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-4970-1