[arch-security] [ASA-201608-8] libupnp: arbitrary filesystem access
anthraxx at archlinux.org
Mon Aug 8 01:08:55 UTC 2016
Arch Linux Security Advisory ASA-201608-8
Date : 2016-08-08
CVE-ID : CVE-2016-6255
Package : libupnp
Type : arbitrary filesystem access
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package libupnp before version 1.6.20-1 is vulnerable to arbitrary
Upgrade to 1.6.20-1.
# pacman -Syu "libupnp>=1.6.20-1"
The problem has been fixed upstream in version 1.6.20.
A vulnerability was found in libupnp. If there's no registered handler
for a POST or GET request, the default behavior is to write to or read
from the filesystem. This allows an unauthenticated attacker to store or
retrieve arbitrary data. This issue allows full host filesystem access
if the process is running as root and using / as the web root.
A remote attacker is able to read from or write to arbitrary files on
the host filesystem via GET and POST requests.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security