CVE-2012-5961

Portable UPnP SDK - 'unique_service_name()' Remote Code Execution

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.

Desbordamiento de búfer basado en pila en la función de unique_service_name en ssdp/ssdp_server.c en el analizador SSDP en el SDK portátil para dispositivos UPnP (alias libupnp, anteriormente el SDK Intel para dispositivos UPnP) v1.3.1 que permite a atacantes remotos ejecutar código arbitrario a través de un campo long UDN (alias dispositivo) de un paquete UDP.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-11-21 CVE Reserved
2013-01-31 CVE Published
2013-02-05 First Exploit
2024-08-06 CVE Updated
2024-10-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (16)

URL	Tag	Source
http://pupnp.sourceforge.net/ChangeLog	X_refsource_confirm
http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf	X_refsource_confirm
http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf	X_refsource_confirm
http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf	X_refsource_confirm
http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf	X_refsource_confirm
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play	X_refsource_misc
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf	X_refsource_misc
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb	X_refsource_misc
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/24455	2013-02-05
http://www.securityfocus.com/bid/57602	2024-08-06

URL	Date	SRC
http://www.kb.cert.org/vuls/id/922681	2015-09-02

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp	2015-09-02
http://www.debian.org/security/2013/dsa-2614	2015-09-02
http://www.debian.org/security/2013/dsa-2615	2015-09-02
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098	2015-09-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libupnp Project Search vendor "Libupnp Project"		Libupnp Search vendor "Libupnp Project" for product "Libupnp"				1.3.1 Search vendor "Libupnp Project" for product "Libupnp" and version "1.3.1"		-		Affected