Arch Linux Security Advisory ASA-201608-8 ========================================= Severity: Medium Date : 2016-08-08 CVE-ID : CVE-2016-6255 Package : libupnp Type : arbitrary filesystem access Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libupnp before version 1.6.20-1 is vulnerable to arbitrary filesystem access. Resolution ========== Upgrade to 1.6.20-1. # pacman -Syu "libupnp>=1.6.20-1" The problem has been fixed upstream in version 1.6.20. Workaround ========== None. Description =========== A vulnerability was found in libupnp. If there's no registered handler for a POST or GET request, the default behavior is to write to or read from the filesystem. This allows an unauthenticated attacker to store or retrieve arbitrary data. This issue allows full host filesystem access if the process is running as root and using / as the web root. Impact ====== A remote attacker is able to read from or write to arbitrary files on the host filesystem via GET and POST requests. References ========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255 http://www.openwall.com/lists/oss-security/2016/07/18/13