[Linux-igd-devel] Security issues to address...
Status: Beta
Brought to you by:
krazydime
Menu
▾
▴
[Linux-igd-devel] Security issues to address...
|
From: Daniel J B. <dan...@gm...> - 2006-08-14 12:21:09
|
With 0.95 out, there are some security issues that need to be addressed. Armijn Hemel has pointed out some areas he was able to exploit (see http://www.upnp-hacks.org/stacks.html#linux-igd). The security update to always store IP addresses in inaddr structures, rather than (unbounded) strings isn't much work overall, so I can get a patch in for this. There does need to be a check through the code paths to ensure requests are correctly validated, and to address some of the issues that Armijn has raised. Any thoughts? -- Daniel J Blueman |
