A security issue fixed upstream in miniupnpc has been announced: http://openwall.com/lists/oss-security/2017/05/11/2 The upstream commit to fix the issue is linked at the end of the message above (see [6]). Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
(In reply to David Walser from comment #0)
> A security issue fixed upstream in miniupnpc has been announced:
> http://openwall.com/lists/oss-security/2017/05/11/2
>
> The upstream commit to fix the issue is linked at the end of the message
> above (see [6]).
>
> Mageia 5 is also affected.

Also, so this should be filed against cauldron & MGA5TOO instead of to 5 & MGA5TOO ;-)

Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11
Version: 5 => Cauldron
Assignee: bugsquad => pkg-bugs
Fixed in cauldron
Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5
CC: (none) => mageia
CVE: (none) => CVE-2017-8798
Ubuntu has issued advisories for this today (May 24): https://www.ubuntu.com/usn/usn-3298-1/ https://www.ubuntu.com/usn/usn-3298-2/
openSUSE has issued an advisory for this on May 31: https://lists.opensuse.org/opensuse-updates/2017-05/msg00110.html
Patched package uploaded for Mageia 5.

Advisory:
========================

Updated miniupnpc packages fix security vulnerabilities:

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library (CVE-2017-8798).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8798
https://www.ubuntu.com/usn/usn-3298-1/
========================

Updated packages in core/updates_testing:
========================
miniupnpc-1.9.20141128-1.2.mga5
libminiupnpc12-1.9.20141128-1.2.mga5
libminiupnpc-devel-1.9.20141128-1.2.mga5

from miniupnpc-1.9.20141128-1.2.mga5.src.rpm
Assignee: pkg-bugs => qa-bugs
Had a look but it is not for me.

x86_64 Mate

$ urpmq --whatrequires lib64miniupnpc12 | sort | uniq
0ad
bitcoind
bitcoin-qt
dogecoind
dogecoin-qt
dolphin-emu
lib64eiskaltdcpp2.2
lib64miniupnpc12
lib64miniupnpc-devel
megaglest
miniupnpc

Could not make anything of that except possibly 0ad, which is a multi-player network game. Installed that and started it under another user with the intention of playing it across the LAN but without knowing anything about games culture there was little chance of understanding how to set it up properly let alone play it. Presumably it would need a server daemon of some kind attached to some port and then a couple of months' attention to the manual.

The local router has upnp enabled.

$ urpmq --requires 0ad | sort | uniq | grep mini
0ad: libminiupnpc.so.12()(64bit)

There is a PoC (attached) which is just as opaque; there is no indication how to run it to show the vulnerability (CVE-2017-8798). The following command generated a continuous stream of network monitoring data:

$ ./poc.py --listen <ip of user machine>:65000 --havoc

This is all very negative but might be of some assistance to whomsoever attempts this one. megaglest is another game - maybe somebody knows it?
CC: (none) => tarazed25
Created attachment 9478
A possible PoC for this issue

Cannot comment on this.
Installed and tested without issue.

Testing was done using upnpc command. Used the router control panel to check the port forward was set up correctly. Also, used an external system to connect to the forwarded port.

$ uname -a
Linux marte 4.4.82-desktop-1.mga5 #1 SMP Sun Aug 13 18:03:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep miniupnpc
lib64miniupnpc12-1.9.20141128-1.2.mga5
miniupnpc-1.9.20141128-1.2.mga5

$ upnpc -l
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.1:2555/upnp/41ab011c-6596-3be4-8cdb-8fba129c3670/desc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.1.1:2555/upnp/20c65042-cc3d-3234-8de2-7b00c785b42d/WANIPConn1.ctl
Local LAN ip address : 192.168.1.3
Connection Type : IP_Routed
Status : Connected, uptime=1272773s, LastConnectionError : ERROR_NONE
  Time started : Sat Aug 12 02:53:42 2017
MaxBitRateDown : 0 bps   MaxBitRateUp 0 bps
ExternalIPAddress = 123.123.123.123
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
<SNIP>

$ upnpc -a 192.168.1.3 22 2222 tcp
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.1:2555/upnp/41ab011c-6596-3be4-8cdb-8fba129c3670/desc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.1.1:2555/upnp/20c65042-cc3d-3234-8de2-7b00c785b42d/WANIPConn1.ctl
Local LAN ip address : 192.168.1.3
ExternalIPAddress = 123.123.123.123
InternalIP:Port = 192.168.1.3:22
external 123.123.123.123:2222 TCP is redirected to internal 192.168.1.3:22 (duration=0)

$ upnpc -l | egrep 'TCP.*2222'
78 TCP 2222->192.168.1.3:22 'libminiupnpc' '' 0

$ # Checked in the router control panel that the port forwarding was set up correctly.
$ # Confirmed that the port forwarding was working by doing an external connection to the forwarded port.

$ upnpc -d 2222 tcp
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.1:2555/upnp/41ab011c-6596-3be4-8cdb-8fba129c3670/desc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://192.168.1.1:2555/upnp/20c65042-cc3d-3234-8de2-7b00c785b42d/WANIPConn1.ctl
Local LAN ip address : 192.168.1.3
UPNP_DeletePortMapping() returned : 0

$ upnpc -l | egrep 'TCP.*2222'
$
CC: (none) => mageia
Whiteboard: (none) => MGA5-64-OK
@PC_LX: formidable test of a difficult package. Great work. Advisory uploaded. Validating under current 1-OK-per-release policy.
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0313.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED