JPCERT-AT-2013-0006
JPCERT/CC
2013-01-31
<<< JPCERT/CC Alert 2013-01-31 >>>
Vulnerability in Portable SDK for UPnP
https://www.jpcert.or.jp/english/at/2013/at130006.html
I. Overview
On January 30, 2013 (UTC+9), US-CERT published an advisory regarding
a vulnerability in the Portable SDK for UPnP (libupnp). libupnp is
widely deployed in broadband routers and other devices to implement
UPnP.
According to US-CERT, libupnp contains a buffer overflow
vulnerability. Arbitrary code may be executed when a device with
libupnp receives a malicious SSDP packet.
US-CERT Vulnerability Note VU#922681
Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
http://www.kb.cert.org/vuls/id/922681
II. Affected Products
Affected products and versions are as follows:
- UPnP SDK 1.2 (Intel SDK)
- UPnP SDK 1.6.17 and earlier versions (Portable SDK)
Products that may use libupnp:
- Network devices such as routers
(mainly broadband routers for home use)
- IP telephone devices
- TV, DVD/BD recorders that can connect to the internet
- Other products that have a UPnP function
*) libupnp is used in many network devices. Products that can be
accessed directly through the internet, such as broadband routers,
may be more susceptible to an attack than other products.
III. Solution
For products affected by this vulnerability, it is expected that
each developer will release updated software. Apply the update
according to the information provided by each developer. For devices
that have an automatic firmware update function, turning the function
"ON" may be effective.
For users of devices (broadband routers, etc.) that can be accessed
directly through the internet, please consider turning off the UPnP
function until an update is available. However this may cause products
(IP telephone devices, messengers) that use the UPnP function to
become unusable. In this case, creating a filter to only accept
1900/udp packets from these devices may reduce the probability of an
attack.
Please refer to the product manual for instructions regarding
turning off the UPnP function and creating a filter.
IV. References
JVNVU#90348117
Portable SDK for UPnP vulnerable to buffer overflow
https://jvn.jp/cert/JVNVU90348117/index.html
US-CERT Vulnerability Note VU#922681
Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
http://www.kb.cert.org/vuls/id/922681
Cisco
Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
NEC
SDK for UPnP vulnerable to buffer overflow
http://jpn.nec.com/security-info/secinfo/nv13-003.html
FURUKAWA ELECTRIC CO., LTD
Portable SDK for UPnP vulnerable to buffer overflow
http://www.furukawa.co.jp/fitelnet/topic/vulnera_20130130.html
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top