Mandriva Linux Security Advisory : libupnp (MDVSA-2013:098)

Critical Nessus Plugin ID 66110


The remote Mandriva Linux host is missing one or more security updates.


Updated libupnp packages fix security vulnerabilities :

The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965).


Update the affected packages.

Plugin Details

Severity: Critical

ID: 66110

File Name: mandriva_MDVSA-2013-098.nasl

Version: $Revision: 1.5 $

Type: local

Published: 2013/04/20

Modified: 2014/03/27

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64ixml2, p-cpe:/a:mandriva:linux:lib64threadutil6, p-cpe:/a:mandriva:linux:lib64upnp-devel, p-cpe:/a:mandriva:linux:lib64upnp6, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/04/10

Exploitable With

Metasploit (Portable UPnP SDK unique_service_name() Remote Code Execution)

Reference Information

CVE: CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965

BID: 57602

MDVSA: 2013:098

MGASA: 2013-0037