CVE-2016-6255 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2016-6255?

CVE-2016-6255 is a vulnerability with a CVSS score of 7.5 (HIGH). Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

Q: How severe is CVE-2016-6255?

CVE-2016-6255 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-6255?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Libupnp Project Libupnp.

Vulnerability Description

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	8.0
Libupnp Project	Libupnp	<= 1.6.20

Related Weaknesses (CWE)

CWE-284

References

http://www.debian.org/security/2016/dsa-3736Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/18/13Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/20/5Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/92050Third Party AdvisoryVDB Entry
https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972Issue TrackingPatchThird Party Advisory
https://security.gentoo.org/glsa/201701-52
https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLogRelease NotesThird Party Advisory
https://twitter.com/mjg59/status/755062278513319936Third Party Advisory
https://www.exploit-db.com/exploits/40589/
https://www.tenable.com/security/research/tra-2017-10
http://www.debian.org/security/2016/dsa-3736Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/18/13Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/20/5Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/92050Third Party AdvisoryVDB Entry
https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2016-6255?

CVE-2016-6255 is a vulnerability with a CVSS score of 7.5 (HIGH). Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

How severe is CVE-2016-6255?

CVE-2016-6255 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6255?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Libupnp Project Libupnp.