Re: "Universal Plug and Play technology exploit code"

From: Florian Weimer (Weimerat_private-Stuttgart.DE)
Date: Mon Dec 24 2001 - 13:59:20 PST

Next message: Minchu Mo: "Is GOT exploitable in solaris?"

Previous message: Ryan Permeh: "Re: "Universal Plug and Play technology exploit code""
In reply to: Sebastian Wells: "Re: "Universal Plug and Play technology exploit code""
Next in thread: Atacdad: "RE: "Universal Plug and Play technology exploit code""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Sebastian Wells" <alteregoat_private> writes:

> Is this an exploit to the most recent UPnP hole that was posted to bugtraq?
> In the discussion of that vulnerability it was stated that UPnP was on UDP
> port 1900.
> 
> Am I just confused?

UPnP support comes with a web server on TCP port 5000 (which processes
SOAP requests, IIRC).  Another UDP-based web server seems to be
listening on port 1900, implementing SSDP (yes, there's an IETF draft
floating around for HTTP over UDP).

-- 
Florian Weimer 	                  Florian.Weimerat_private-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Next message: Minchu Mo: "Is GOT exploitable in solaris?"
Previous message: Ryan Permeh: "Re: "Universal Plug and Play technology exploit code""
In reply to: Sebastian Wells: "Re: "Universal Plug and Play technology exploit code""
Next in thread: Atacdad: "RE: "Universal Plug and Play technology exploit code""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 24 2001 - 14:46:26 PST