GLSA-201801-08 : MiniUPnPc: Arbitrary code execution
Medium Nessus Plugin ID 105634
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201801-08 (MiniUPnPc: Arbitrary code execution)
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library.
A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the user running a MiniUPnPc linked application.
There is no known workaround at this time.
SolutionAll MiniUPnPc users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/miniupnpc-2.0.20170509'