MiniUPnP < 1.9 Multiple Vulnerabilities

critical Nessus Plugin ID 80889

Synopsis

A network service running on the remote host has multiple vulnerabilities.

Description

According to its banner, the version of MiniUPnP running on the remote host is prior to 1.9. It is, therefore, affected by the following vulnerabilities:

- An unspecified flaw exists related to Domain Name System (DNS) 'rebinding'. An unauthenticated, remote attacker can exploit this by convincing a user to visit a specially crafted web page, which runs a client-side script that interacts with the systems on the user's network.

- A flaw exists in the GetListOfPortMappings() function within file upnpsoap.c due to improper sanitization of user-supplied input when handling SOAP connections. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.

- A buffer overflow condition exists in the ParseHttpHeaders() function within file upnphttp.c due to improper validation of user-supplied input when handling Content-Length HTTP headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition or the execution of arbitrary code.

- A flaw exists in the BuildHeader_upnphttp() function within file upnphttp.c due to insufficient checking for memory allocation failures. An unauthenticated, remote attacker can exploit this to have an unspecified impact.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MiniUPnP version 1.9 or later.

See Also

http://www.nessus.org/u?7516605f

Plugin Details

Severity: Critical

ID: 80889

File Name: miniupnpd_1_9.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 1/21/2015

Updated: 1/2/2019

Configuration: Enable paranoid mode

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:ND/RL:OF/RC:ND

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:miniupnp_project:miniupnpd

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 12/9/2014

Vulnerability Publication Date: 12/9/2014

Reference Information

BID: 71624