Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:UPNP:LIBUPNP-DSN-BOF

Severity

 High

Recommended

 Yes

Recommended Action

 Drop

Category

 APP

Keywords

 Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer Overflow

Release Date

 2013/05/23

Update Number

 2266

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer Overflow


This signature detects possible attempts to exploit a known vulnerability in the Portable SDK for UPnP Devices libupnp Device Service Name. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Extended Description

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.

Affected Products

  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8
  • portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
  • portable_sdk_for_upnp_project portable_sdk_for_upnp up to 1.6.17

References

  • BugTraq: 57602
  • CVE: CVE-2012-5958

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out