Detections
Analytics
Debian DSA-3736-1 : libupnp - security update
critical Nessus Plugin ID 96015
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Two vulnerabilities were discovered in libupnp, a portable SDK for UPnP devices.- CVE-2016-6255 Matthew Garret discovered that libupnp by default allows any user to write to the filesystem of the host running a libupnp-based server application.
- CVE-2016-8863 Scott Tenaglia discovered a heap buffer overflow vulnerability, that can lead to denial of service or remote code execution.
Solution
Upgrade the libupnp packages.For the stable distribution (jessie), these problems have been fixed in version 1:1.6.19+git20141001-1+deb8u1.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831857
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842093
https://security-tracker.debian.org/tracker/CVE-2016-6255
https://security-tracker.debian.org/tracker/CVE-2016-8863
https://packages.debian.org/source/jessie/libupnp
Plugin Details
Severity: Critical
ID: 96015
File Name: debian_DSA-3736.nasl
Version: 3.10
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 12/20/2016
Updated: 1/11/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:libupnp, cpe:/o:debian:debian_linux:8.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/16/2016
Reference Information
CVE: CVE-2016-6255, CVE-2016-8863
DSA: 3736
TRA: TRA-2017-10