[manjaro-security] [arch-security] [ASA-201608-8] libupnp: arbitrary filesystem access

Levente Polyak anthraxx at archlinux.org
Mon Aug 8 03:08:55 CEST 2016


Arch Linux Security Advisory ASA-201608-8
=========================================

Severity: Medium
Date    : 2016-08-08
CVE-ID  : CVE-2016-6255
Package : libupnp
Type    : arbitrary filesystem access
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package libupnp before version 1.6.20-1 is vulnerable to arbitrary
filesystem access.

Resolution
==========

Upgrade to 1.6.20-1.

# pacman -Syu "libupnp>=1.6.20-1"

The problem has been fixed upstream in version 1.6.20.

Workaround
==========

None.

Description
===========

A vulnerability was found in libupnp. If there's no registered handler
for a POST or GET request, the default behavior is to write to or read
from the filesystem. This allows an unauthenticated attacker to store or
retrieve arbitrary data. This issue allows full host filesystem access
if the process is running as root and using / as the web root.

Impact
======

A remote attacker is able to read from or write to arbitrary files on
the host filesystem via GET and POST requests.

References
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
http://www.openwall.com/lists/oss-security/2016/07/18/13

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20160808/2c536839/attachment.pgp>


More information about the manjaro-security mailing list