TALOS-2015-0035 (CVE-2015-6031)
Bug #1506017 reported by
W. J. van der Laan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
miniupnpc (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Please upgrade the miniupnpc package, or backport a fix as soon as possible.
There is a remote-exploitable (from LAN) bug in miniupnpc:
See http://
This affects transmission-gtk, as well as all other client software this uses this libary, such as bitcoind.
The commit fixing the vulnerability is https:/
I have a PoC exploit for amd64, if interested contact me at <email address hidden> , use GPG keyid: 0x74810B012346C9A6
CVE References
information type: | Private Security → Public Security |
To post a comment you must log in.
it affect libminiupnpc, not 'miniupnpc' which is the executable that accompanies it. At least libminiupnpc8 on Ubuntu 14.04