Bug 1085618 (CVE-2014-3985) - CVE-2014-3985 miniupnpc buffer overrun - network facing DoS crash
Summary: CVE-2014-3985 miniupnpc buffer overrun - network facing DoS crash
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3985
Product: Fedora
Classification: Fedora
Component: miniupnpc
Version: 19
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Paulo Andrade
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-04-09 02:25 UTC by Warren Togami
Modified: 2014-06-11 07:26 UTC (History)
3 users (show)

Fixed In Version: miniupnpc-1.9-1.fc19
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-05-13 05:02:38 UTC
Type: Bug


Attachments (Terms of Use)

Description Warren Togami 2014-04-09 02:25:15 UTC
miniupnpc-1.8-1.fc20
miniupnpc-1.8-1.fc19

http://miniupnp.free.fr/files/changelog.php?file=miniupnpc-1.9.20140401.tar.gz
2013/10/07:
  fixed potential buffer overrun in miniwget.c
  Modified UPNP_GetValidIGD() to check for ExternalIpAddress

https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9

Appears to be a DoS crash vector that can be triggered by something on the network.

Comment 1 Murray McAllister 2014-04-30 06:36:13 UTC
Thanks Warren. Apologies for the delay looking at this. I am not familiar with the code but it may just be a crash, with an invalid read here (on line 131):

129                         /* parse header lines */
130                         for(i = 0; i < endofheaders - 1; i++) {
131                                 if(colon <= linestart && header_buf[i]==':')

I'll request a CVE on the oss-security list.

Comment 2 Murray McAllister 2014-04-30 06:48:20 UTC
CVE request: http://www.openwall.com/lists/oss-security/2014/04/30/3

Comment 3 Fedora Update System 2014-05-01 15:46:56 UTC
miniupnpc-1.9-1.fc19,megaglest-3.9.1-2.fc19,0ad-0.0.15-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/miniupnpc-1.9-1.fc19,megaglest-3.9.1-2.fc19,0ad-0.0.15-4.fc19

Comment 4 Fedora Update System 2014-05-01 22:30:10 UTC
Package miniupnpc-1.9-1.fc19, megaglest-3.9.1-2.fc19, 0ad-0.0.15-4.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing miniupnpc-1.9-1.fc19 megaglest-3.9.1-2.fc19 0ad-0.0.15-4.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-5903/miniupnpc-1.9-1.fc19,megaglest-3.9.1-2.fc19,0ad-0.0.15-4.fc19
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2014-05-13 05:02:38 UTC
miniupnpc-1.9-1.fc19, megaglest-3.9.1-2.fc19, 0ad-0.0.15-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Martin Prpič 2014-06-11 07:26:17 UTC
MITRE assigned CVE-2014-3985 to this issue:

http://seclists.org/oss-sec/2014/q2/496


Note You need to log in before you can comment on or make changes to this bug.