CVE-2016-6255

NameCVE-2016-6255
DescriptionPortable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-597-1, DSA-3736-1
NVD severitymedium (attack range: remote)
Debian Bugs831857

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libupnp (PTS)wheezy1:1.6.17-1.2vulnerable
wheezy (security)1:1.6.17-1.2+deb7u2fixed
jessie (security), jessie1:1.6.19+git20141001-1+deb8u1fixed
stretch1:1.6.19+git20160116-1.2fixed
buster, sid1:1.6.22-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libupnpsource(unstable)1:1.6.19+git20160116-1.1medium831857
libupnpsourcejessie1:1.6.19+git20141001-1+deb8u1mediumDSA-3736-1
libupnpsourcewheezy1:1.6.17-1.2+deb7u1mediumDLA-597-1

Notes

https://twitter.com/mjg59/status/755062278513319936
Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
http://www.openwall.com/lists/oss-security/2016/07/18/13

Search for package or bug name: Reporting problems