| Name | CVE-2016-6255 |
| Description | Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-597-1, DSA-3736-1 |
| Debian Bugs | 831857 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libupnp | source | wheezy | 1:1.6.17-1.2+deb7u1 | DLA-597-1 | ||
| libupnp | source | jessie | 1:1.6.19+git20141001-1+deb8u1 | DSA-3736-1 | ||
| libupnp | source | (unstable) | 1:1.6.19+git20160116-1.1 | 831857 |
https://twitter.com/mjg59/status/755062278513319936
Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
https://www.openwall.com/lists/oss-security/2016/07/18/13