[arch-security] [ASA-201608-8] libupnp: arbitrary filesystem access
Levente Polyak
anthraxx at archlinux.org
Mon Aug 8 01:08:55 UTC 2016
Arch Linux Security Advisory ASA-201608-8
=========================================
Severity: Medium
Date : 2016-08-08
CVE-ID : CVE-2016-6255
Package : libupnp
Type : arbitrary filesystem access
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package libupnp before version 1.6.20-1 is vulnerable to arbitrary
filesystem access.
Resolution
==========
Upgrade to 1.6.20-1.
# pacman -Syu "libupnp>=1.6.20-1"
The problem has been fixed upstream in version 1.6.20.
Workaround
==========
None.
Description
===========
A vulnerability was found in libupnp. If there's no registered handler
for a POST or GET request, the default behavior is to write to or read
from the filesystem. This allows an unauthenticated attacker to store or
retrieve arbitrary data. This issue allows full host filesystem access
if the process is running as root and using / as the web root.
Impact
======
A remote attacker is able to read from or write to arbitrary files on
the host filesystem via GET and POST requests.
References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
http://www.openwall.com/lists/oss-security/2016/07/18/13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160808/2c536839/attachment.asc>
More information about the arch-security
mailing list