CVE-2016-6255

NameCVE-2016-6255
DescriptionPortable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-597-1, DSA-3736-1
Debian Bugs831857

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libupnp (PTS)jessie, jessie (lts)1:1.6.19+git20141001-1+deb8u2fixed
stretch (security), stretch (lts), stretch1:1.6.19+git20160116-1.2+deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libupnpsourcewheezy1:1.6.17-1.2+deb7u1DLA-597-1
libupnpsourcejessie1:1.6.19+git20141001-1+deb8u1DSA-3736-1
libupnpsource(unstable)1:1.6.19+git20160116-1.1831857

Notes

https://twitter.com/mjg59/status/755062278513319936
Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
https://www.openwall.com/lists/oss-security/2016/07/18/13
Search for package or bug name: Reporting problems