Candidate: CVE-2012-5960
PublicDate: 2013-01-31 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
Description:
 Stack-based buffer overflow in the unique_service_name function in
 ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices
 (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows
 remote attackers to execute arbitrary code via a long UDN (aka
 upnp:rootdevice) field in a UDP packet.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699316
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699459
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_libupnp:
 vendor: http://www.debian.org/security/2013/dsa-2614
upstream_libupnp: released (1:1.6.17-1.2)
hardy_libupnp: ignored (reached end-of-life)
lucid_libupnp: released (1:1.6.6-4ubuntu0.1)
oneiric_libupnp: released (1:1.6.6-5.1ubuntu0.11.10.1)
precise_libupnp: released (1:1.6.6-5.1ubuntu0.12.04.1)
quantal_libupnp: released (1.6.17-1.1ubuntu0.12.10.1)
raring_libupnp: not-affected (1:1.6.17-1.2)
saucy_libupnp: not-affected (1:1.6.17-1.2)
devel_libupnp: not-affected (1:1.6.17-1.2)


Patches_libupnp4:
 vendor: http://www.debian.org/security/2013/dsa-2615
upstream_libupnp4: released (1.8.0~svn20100507-1.2)
hardy_libupnp4: DNE
lucid_libupnp4: ignored (reached end-of-life)
oneiric_libupnp4: released (1.8.0~svn20100507-1.1ubuntu0.11.10.1)
precise_libupnp4: released (1.8.0~svn20100507-1.1ubuntu0.12.04.1)
quantal_libupnp4: released (1.8.0~svn20100507-1.1ubuntu0.12.10.1)
raring_libupnp4: not-affected (1.8.0~svn20100507-1.2)
saucy_libupnp4: not-affected (1.8.0~svn20100507-1.2)
devel_libupnp4: not-affected (1.8.0~svn20100507-1.2)