Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2012-5959

Published: 31/01/2013 Updated: 03/11/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Portable Sdk For Upnp Project

Vulnerability Summary

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) prior to 1.6.18 allows remote malicious users to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

portable sdk for upnp project portable sdk for upnp 1.6.11

portable sdk for upnp project portable sdk for upnp 1.6.10

portable sdk for upnp project portable sdk for upnp 1.6.2

portable sdk for upnp project portable sdk for upnp 1.6.1

portable sdk for upnp project portable sdk for upnp 1.4.2

portable sdk for upnp project portable sdk for upnp 1.4.1

portable sdk for upnp project portable sdk for upnp 1.6.15

portable sdk for upnp project portable sdk for upnp 1.6.14

portable sdk for upnp project portable sdk for upnp 1.6.6

portable sdk for upnp project portable sdk for upnp 1.6.5

portable sdk for upnp project portable sdk for upnp 1.4.6

portable sdk for upnp project portable sdk for upnp 1.4.5

portable sdk for upnp project portable sdk for upnp

portable sdk for upnp project portable sdk for upnp 1.6.16

portable sdk for upnp project portable sdk for upnp 1.6.9

portable sdk for upnp project portable sdk for upnp 1.6.8

portable sdk for upnp project portable sdk for upnp 1.6.7

portable sdk for upnp project portable sdk for upnp 1.6.0

portable sdk for upnp project portable sdk for upnp 1.4.7

portable sdk for upnp project portable sdk for upnp 1.4.0

portable sdk for upnp project portable sdk for upnp 1.6.13

portable sdk for upnp project portable sdk for upnp 1.6.12

portable sdk for upnp project portable sdk for upnp 1.6.4

portable sdk for upnp project portable sdk for upnp 1.6.3

portable sdk for upnp project portable sdk for upnp 1.4.4

portable sdk for upnp project portable sdk for upnp 1.4.3

Vendor Advisories

Debian CVElist Bug Report Logs: libupnp: Multiple stack buffer overflow vulnerabilities
Debian Bug report logs - #699316 libupnp: Multiple stack buffer overflow vulnerabilities Package: libupnp; Maintainer for libupnp is Nick Leverton <nick@levertonorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 30 Jan 2013 07:15:01 UTC Severity: grave Tags: patch, security Merged with 699342 Fo ...
Debian Security Advisories: DSA-2615-1 libupnp4 -- several vulnerabilities
Multiple stack-based buffer overflows were discovered in libupnp4, a library used for handling the Universal Plug and Play protocol HD Moore from Rapid7 discovered that SSDP queries where not correctly handled by the unique_service_name() function An attacker sending carefully crafted SSDP queries to a daemon built on libupnp4 could generate a bu ...
Debian Security Advisories: DSA-2614-1 libupnp -- several vulnerabilities
Multiple stack-based buffer overflows were discovered in libupnp, a library used for handling the Universal Plug and Play protocol HD Moore from Rapid7 discovered that SSDP queries where not correctly handled by the unique_service_name() function An attacker sending carefully crafted SSDP queries to a daemon built on libupnp could generate a buff ...
Cisco: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) Devices contains a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol (SSDP) requests This library is used in several vendor network devi ...

Exploits

Exploit DB: Portable UPnP SDK - 'unique_service_name()' Remote Code Execution (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking def initialize(info = { ...

Github Repositories

https://github.com/finn79426/CVE-2012-5960-PoC

CVE-2012-5960, CVE-2012-5959 Proof of Concept

CVE-2012-5960-PoC CVE-2012-5960, CVE-2012-5959 Proof of Concept 隨手記錄一下最近玩的東西。 #!/usr/bin/python2 # -*- coding: utf-8 -*- # Usage: python2 libupnp_DoS_PoCpy import socket TARGET = 'TARGET_IP' ''' normal_traffic = \ 'M-SEARCH * HTTP/11\r\n' \ 'HOST:239255255250:1900\r\n'

https://github.com/lochiiconnectivity/vulnupnp

Discover uPNP devices vulnerable to CVE-2013-0229 / CVE-2013-0230 / CVE-2012-5958 / CVE-2012-5959

vulnupnp Discover uPNP devices vulnerable to CVE-2013-0229 / CVE-2013-0230 / CVE-2012-5958 / CVE-2012-5959

References

CWE-119https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-playhttp://pupnp.sourceforge.net/ChangeLoghttps://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdfhttp://www.kb.cert.org/vuls/id/922681http://www.debian.org/security/2013/dsa-2614http://www.debian.org/security/2013/dsa-2615http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnphttp://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdfhttp://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdfhttp://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdfhttp://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdfhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:098https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFbhttp://www.securityfocus.com/bid/57602https://www.tenable.com/security/research/tra-2017-10https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699316https://nvd.nist.govhttps://www.exploit-db.com/exploits/24455/https://github.com/finn79426/CVE-2012-5960-PoChttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnphttps://www.kb.cert.org/vuls/id/922681
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook