I just sent you an email about this:

http://miniupnp.tuxfamily.org/files/download.php?file=minissdpd-1.0.20110729.tar.gz

the worst problems should be fixed (potential overflows all over the
place)

On 29/07/2011 10:51, Thomas Goirand wrote:
> Hi,
>
> can you take a look and fix this as soon as possible?
> As soon as I have your reply, I can upload to SID
> with urgency=high...
>
> Thomas
>
> ----- Original message -----
>   
>> Subject: minissdpd: multiple flaws
>> Package: minissdpd
>> Version: 1.0-2
>> Justification: root security hole
>> Severity: critical
>> Tags: upstream security
>>
>> As originally reported at https://bugs.launchpad.net/bugs/813313 and
>> http://www.openwall.com/lists/oss-security/2011/07/28/12
>>
>> In Ubuntu, we lowered miniupnpc and libnatpmp's recommends on
>> minissdpd to suggests.
>> =====
>> Denial of Service:
>> - off-by-one in packet parsing can trigger crashes on unlucky alignment
>>          minissdpd.c line ~290
>> - walk off end of memory without length check in "cache-control" packet
>>          minissdpd.c line ~314
>> - some unchecked malloc uses could lead to crash
>> - does not clean up /var/run files on crash
>>
>>
>> Corruption, possible manipulation of responses:
>> - linefeed injection in service requests
>> - unchecked write lengths (could get interrupted, lead to corruption)
>>
>> Memory corruption, with execution control likely:
>> - multiple buffer overflows in processRequest
>>          - unchecked decoded lengths
>>          - unchecked buffer creation length
>>          - integer overflows in decoded lengths
>>          - write null byte arbitrarily in heap
>>          - could read stack memory out on requests (including canary if OS
>>              used stack protector canary that wasn't null-started). e.g.:
>>              - add bogus service with giant coded-length "location" entry
>>              - read back with type==1 and matching "st"
>>
>>
>> General Safety:
>> - does not drop privileges
>>
>>
>> -- System Information:
>> Debian Release: wheezy/sid
>>      APT prefers oneiric
>>      APT policy: (500, 'oneiric')
>> Architecture: amd64 (x86_64)
>>
>> Kernel: Linux 3.0.0-7-generic (SMP w/2 CPU cores)
>> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
>> Shell: /bin/sh linked to /bin/dash
>>
>> Versions of packages minissdpd depends on:
>> ii   libc6   2.13-9ubuntu3   Embedded GNU C Library: Shared lib
>>
>> minissdpd recommends no packages.
>>
>> minissdpd suggests no packages.
>>
>> -- no debconf information
>>     
>   
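
The "unchecked decoded lengths", "integer overflows in decoded lengths" and "linefeed injection" items in the report above all come down to trusting a length prefix read from the request. As an added example (not code from minissdpd or from this thread), here is one way to read a length-prefixed field defensively. The 7-bits-per-byte length encoding, the `MAX_FIELD` cap and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_FIELD 1024u  /* assumed cap on one field; not a value from the report */

/* Decode a length stored 7 bits per byte, high bit = "more bytes follow"
 * (assumed encoding). Returns 0 on success, -1 on truncation or overflow. */
static int decode_length(const uint8_t **p, const uint8_t *end, size_t *out)
{
    size_t n = 0;
    for (int i = 0; i < 3; i++) {   /* at most 3 bytes: value < 2^21, cannot wrap */
        if (*p >= end)
            return -1;              /* would read past the end of the packet */
        uint8_t b = *(*p)++;
        n = (n << 7) | (b & 0x7f);
        if (!(b & 0x80)) {
            *out = n;
            return 0;
        }
    }
    return -1;                      /* continuation bit still set: reject */
}

/* Copy one length-prefixed field into dst (dst_size bytes) as a C string.
 * Returns the field length, or -1 if the field is malformed, longer than
 * the bytes left in the packet, too big for dst, or contains CR/LF/NUL. */
static long read_field(const uint8_t **p, const uint8_t *end,
                       char *dst, size_t dst_size)
{
    size_t len, i;
    if (decode_length(p, end, &len) < 0)
        return -1;
    if (len > MAX_FIELD || len > (size_t)(end - *p) || len >= dst_size)
        return -1;
    for (i = 0; i < len; i++)
        if ((*p)[i] == '\r' || (*p)[i] == '\n' || (*p)[i] == '\0')
            return -1;              /* blocks linefeed injection into responses */
    memcpy(dst, *p, len);
    dst[len] = '\0';                /* terminator always lands inside dst */
    *p += len;
    return (long)len;
}

/* Driver for constructed sample packets: parse one field from buf[0..n). */
static char sample_out[8];
static long parse_sample(const void *buf, size_t n)
{
    const uint8_t *p = buf;
    return read_field(&p, p + n, sample_out, sizeof sample_out);
}
```

The length is compared against the bytes remaining in the packet and against the destination size before any copy, so a giant coded length is rejected instead of driving a read or write past a buffer.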



