Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA21081] D-Link Routers UPnP M-SEARCH Request Buffer Overflow



> 
> TITLE:
> D-Link Routers UPnP M-SEARCH Request Buffer Overflow
> 
> SECUNIA ADVISORY ID:
> SA21081
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21081/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From local network
> 
> OPERATING SYSTEM:
> D-Link DI-524
> http://secunia.com/product/8028/
> D-Link DI-604 Broadband Router
> http://secunia.com/product/11068/
> D-Link DI-624
> http://secunia.com/product/3660/
> D-Link DI-784
> http://secunia.com/product/8029/
> D-Link EBR-2310 Ethernet Broadband Router
> http://secunia.com/product/11069/
> D-Link WBR-1310 Wireless G Router
> http://secunia.com/product/11070/
> D-Link WBR-2310 RangeBooster G Router
> http://secunia.com/product/11071/
> 
> DESCRIPTION:
> eEye Digital Security has reported a vulnerability in various D-Link
> routers, which can be exploited by malicious people to compromise a
> vulnerable network device.
> 
> The vulnerability is caused due to a boundary error in the UPnP
> service when processing "M-SEARCH" requests. This can be exploited to
> cause a stack-based buffer overflow by sending an "M-SEARCH" request
> with an overly long string (about 800 bytes) to port 1900/UDP.
> 
> Successful exploitation allows execution of arbitrary code.
> 
> SOLUTION:
> Updates are available for download from the D-Link web site.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Barnaby Jack, eEye Digital Security.
> 
> ORIGINAL ADVISORY:
> eEye Digital Security:
> http://www.eeye.com/html/research/advisories/AD20060714.html
> 
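A defender-side check for the condition the advisory describes, added here as an example (it is not part of the Secunia or eEye text): it flags M-SEARCH payloads seen on 1900/UDP that are far longer than a discovery request needs to be. The size limits, the function name and the sample payloads are assumptions made for illustration; the advisory does not say which part of the request carries the long string.

```python
# Added example: size sanity check for SSDP M-SEARCH payloads (UDP/1900).
# Limits below are assumed values, not taken from the advisory.
MAX_DATAGRAM = 512  # assumed ceiling for a whole discovery request
MAX_LINE = 256      # assumed ceiling for the request line or any one header


def inspect_msearch(payload: bytes) -> list:
    """Return findings for one UDP/1900 payload; an empty list means nothing flagged."""
    if not payload[:8].upper() == b"M-SEARCH":
        return []  # other SSDP traffic (NOTIFY, responses) is out of scope here
    findings = []
    if len(payload) > MAX_DATAGRAM:
        findings.append(f"datagram is {len(payload)} bytes (limit {MAX_DATAGRAM})")
    for number, line in enumerate(payload.split(b"\r\n"), start=1):
        if len(line) <= MAX_LINE:
            continue
        if number == 1:
            label = "request line"
        else:
            # Report only the header name, truncated, never the oversized value.
            label = line.split(b":", 1)[0][:20].decode("ascii", "replace")
        findings.append(f"line {number} ({label}) is {len(line)} bytes (limit {MAX_LINE})")
    return findings


# Constructed sample payloads (not captured traffic).
NORMAL = (b"M-SEARCH * HTTP/1.1\r\n"
          b"HOST: 239.255.255.250:1900\r\n"
          b'MAN: "ssdp:discover"\r\n'
          b"MX: 3\r\n"
          b"ST: upnp:rootdevice\r\n\r\n")
# Same request with an ~800-byte filler; placing it in ST is an arbitrary choice.
OVERSIZED = NORMAL.replace(b"upnp:rootdevice", b"A" * 800)

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("oversized", OVERSIZED)):
        result = inspect_msearch(sample)
        print(name, "->", result if result else "ok")
```

The same length test can be applied at a filtering point in front of affected devices until the vendor update is installed.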




 




Copyright © Lexa Software, 1996-2009.