Thread: Universal Plug and Play

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    304

    Universal Plug and Play

    Hello.. This may have already been posted or you may have already read it.

    ------------------------------------------------------------------------------------
    Multiple Vulnerabilities in Microsoft Universal Plug and Play

    DESCRIPTION
    Multiple vulnerabilities exist in Microsoft's implementation of Universal Plug and Play (UPnP). The first vulnerability is a remotely exploitable buffer overflow that can result in system-level access to the vulnerable host. This vulnerability results from an unchecked buffer in one of the service’s components that handles notify directives. By sending malformed UPnP notify directives generated at various intervals, an attacker can cause access violations on the vulnerable system, which results in pointers being overwritten. Because the UPnP service runs with SYSTEM privileges, a hacker can gain complete control of the system remotely.

    The second vulnerability involves a variant of this first vulnerability in that the UPnP service doesn't take sufficient steps to limit how far the service goes to obtain information about a discovered service. Two Denial of Service (DoS) scenarios exist for exploiting this vulnerability. The first is that a potential attacker could send a notify directive to a vulnerable host and loop the request. This loop would eventually consume all system resources on the vulnerable system. The second scenario involves specifying a third system in the notify directive for the vulnerable system(s) to respond to. As the UPnP service responds to both multicast and broadcast UDP requests, the potential for Distributed Denial of Service (DDoS) attacks exists. You can find specific details about these vulnerabilities at the discoverer’s Website.

    VENDOR RESPONSE

    The vendor, Microsoft, has released security bulletin MS01-059 to address these vulnerabilities and recommends that affected users immediately apply the patch provided at this URL. The company further recommends that affected users follow the common practice of placing a firewall on ports 1900 and 5000 to further mitigate this risk.



    CREDIT
    Discovered by Riley Hassell of eEye Digital Security.
    -----------------------------------------------------------------------------------
    taken from security administrator
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!
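
A defender-side check for the "third system" scenario in the advisory quoted above, as an added example that is not part of the original post or the advisory: it parses datagrams seen on UDP 1900 and flags notify directives whose LOCATION header names a host other than the sender. It assumes the standard SSDP NOTIFY layout with a LOCATION header; the function names, finding labels and sample datagrams are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def parse_notify(payload: bytes):
    """Return the headers of an SSDP NOTIFY datagram, or None for anything else."""
    lines = payload.decode("latin-1").split("\r\n")
    if not lines[0].upper().startswith("NOTIFY "):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def review_notify(src_ip: str, payload: bytes):
    """Return a list of findings for one datagram received on UDP 1900."""
    headers = parse_notify(payload)
    if headers is None:
        return []  # not a notify directive, out of scope for this check
    try:
        host = urlsplit(headers.get("LOCATION", "")).hostname
    except ValueError:
        host = None
    if host is None:
        return ["location-missing-or-malformed"]
    try:
        loc_ip = ipaddress.ip_address(host)
    except ValueError:
        return ["location-is-hostname"]  # needs resolution before comparing
    if loc_ip != ipaddress.ip_address(src_ip):
        # The receiver would be told to fetch a description from a third system.
        return ["location-host-differs-from-sender"]
    return []

def make_notify(location):
    """Build a constructed sample NOTIFY; location=None omits the header."""
    head = ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            "NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n")
    if location is not None:
        head += "LOCATION: " + location + "\r\n"
    return (head + "\r\n").encode("latin-1")

if __name__ == "__main__":
    samples = [  # constructed (sender, datagram) pairs
        ("192.168.1.20", make_notify("http://192.168.1.20:5000/desc.xml")),
        ("192.168.1.20", make_notify("http://192.168.1.99:80/desc.xml")),
        ("192.168.1.20", make_notify(None)),
    ]
    for src, data in samples:
        print(src, review_notify(src, data))
```
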

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    304
    oh yea make sure to click on the link to discoverer’s Website
