[Driftstörning] Emergency block of 1900/udp & 1900/tcp [ChalmersIRT #67699]
Gunnar Lindberg
Gunnar.Lindberg at chalmers.se
Fre Feb 1 16:28:18 CET 2013
Due to reported vulnerabilities in the UPnP service we have decided
to block incomming Internet traffic to ports 1900/udp & 1900/tcp.
Expected impact of these blocks: Low
Vulnerability report:
>Risk : high
>Damage : medium
> Code injection
> Denial of service
> Remote code execution
Gunnar Lindberg, IRT & CDG
PS
UPnP == Universal Plug and Play
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://isc.sans.edu/diary/Exposed+UPNP+Devices/15040
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
DS
More information about the driftstorning
mailing list