oss-sec mailing list archives

CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness

From: Salva Peiró <speirofr () gmail com>
Date: Mon, 7 Mar 2016 13:04:50 +0100

Hi everyone,

A vulnerability in the minissdpd daemon has been found that affects
minissdpd version 1.2.20130907-3 available in Debian and Ubuntu.
The vulnerability can be exploited by a local unprivileged user
with write access to /var/run/minissdpd.sock to crash the minissdpd
daemon that runs with superuser privileges.

More details at:
https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=minissdpd;dist=unstable.

Is there a CVE for this? If not, could one be assigned, please?

Regards,
Salva Peiró

--
Salva Peiró @ https://speirofr.appspot.com
CS Researcher & Software Engineer
Universitat Politècnica de València, Spain.

Current thread:

CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró (Mar 07)
- Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness Salva Peiró (Mar 15)
  - Re: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an improper validation of array index weakness cve-assign (Mar 16)