ByteOS Network

CVE Vulnerability Details :

CVE-2012-5961

PUBLISHED

More Info Official Page

Assigner-certcc

Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b

Published At-31 Jan, 2013 | 21:00

Updated At-06 Aug, 2024 | 21:21

▼CVE Numbering Authority (CNA)

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp	vendor-advisory x_refsource_CISCO
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098	vendor-advisory x_refsource_MANDRIVA
http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf	x_refsource_CONFIRM
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf	x_refsource_MISC
http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf	x_refsource_CONFIRM
http://www.debian.org/security/2013/dsa-2615	vendor-advisory x_refsource_DEBIAN
http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf	x_refsource_CONFIRM
http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf	x_refsource_CONFIRM
http://www.debian.org/security/2013/dsa-2614	vendor-advisory x_refsource_DEBIAN
http://www.securityfocus.com/bid/57602	vdb-entry x_refsource_BID
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb	x_refsource_MISC
http://pupnp.sourceforge.net/ChangeLog	x_refsource_CONFIRM
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play	x_refsource_MISC
http://www.kb.cert.org/vuls/id/922681	third-party-advisory x_refsource_CERT-VN
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037	x_refsource_CONFIRM

Hyperlink: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp

Resource:

vendor-advisory

x_refsource_CISCO

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:098

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

Resource:

x_refsource_MISC

Hyperlink: http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.debian.org/security/2013/dsa-2615

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.debian.org/security/2013/dsa-2614

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://www.securityfocus.com/bid/57602

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Resource:

x_refsource_MISC

Hyperlink: http://pupnp.sourceforge.net/ChangeLog

Resource:

x_refsource_CONFIRM

Hyperlink: https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

Resource:

x_refsource_MISC

Hyperlink: http://www.kb.cert.org/vuls/id/922681

Resource:

third-party-advisory

x_refsource_CERT-VN

Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp	vendor-advisory x_refsource_CISCO x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098	vendor-advisory x_refsource_MANDRIVA x_transferred
http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf	x_refsource_CONFIRM x_transferred
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf	x_refsource_MISC x_transferred
http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf	x_refsource_CONFIRM x_transferred
http://www.debian.org/security/2013/dsa-2615	vendor-advisory x_refsource_DEBIAN x_transferred
http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf	x_refsource_CONFIRM x_transferred
http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf	x_refsource_CONFIRM x_transferred
http://www.debian.org/security/2013/dsa-2614	vendor-advisory x_refsource_DEBIAN x_transferred
http://www.securityfocus.com/bid/57602	vdb-entry x_refsource_BID x_transferred
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb	x_refsource_MISC x_transferred
http://pupnp.sourceforge.net/ChangeLog	x_refsource_CONFIRM x_transferred
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play	x_refsource_MISC x_transferred
http://www.kb.cert.org/vuls/id/922681	third-party-advisory x_refsource_CERT-VN x_transferred
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037	x_refsource_CONFIRM x_transferred