Transmission libminiupnpc8

KrisAnormal · February 4, 2013, 6:23pm

Hi

It is possible that libminiupnpc8 is broken and can be hack. Please review this software. Millions of devices vulnerable via UPnP - Update - The H Security: News and Features

Sincerely
Kris

hendersj · February 4, 2013, 9:27pm

On Mon, 04 Feb 2013 17:26:02 +0000, KrisAnormal wrote:

> Hi
>
> It is possible that libminiupnpc8 is broken and can be hack. Please
> review this software. ‘Millions of devices vulnerable via UPnP - Update
> - The H Security: News and Features’ (http://tinyurl.com/ar3k5hp)
>
> Sincerely Kris

Most of the software included in openSUSE is pulled from upstream
sources, so you’ll want to check with the transmission project to make
sure they’re aware of the issue and find out if they’ve addressed it.

Since it’s a security issue, I expect that a backported fix would find
its way into the currently supported releases.

Of course, the other option is to not use UPnP, but a dedicated port
forward.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

inkrypted · February 4, 2013, 10:55pm

Jim beat me too it but I was going to say I have UPnP disabled in my router and in Transmission. I my opinion it has always been a security risk. Using static addressing and proper port forwarding is the best way to go.

hendersj · February 4, 2013, 11:00pm

On Mon, 04 Feb 2013 21:56:01 +0000, inkrypted wrote:

> Jim beat me too it but I was going to say I have UPnP disabled in my
> router and in Transmission. I my opinion it has always been a security
> risk. Using static addressing and proper port forwarding is the best way
> to go.

Yeah, UPnP has a long history of security issues from what I’ve read. I
even hesitate to use it inside my own secured network.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

robin_listas · February 5, 2013, 12:38am

On 2013-02-04 18:26, KrisAnormal wrote:
>
> Hi
>
> It is possible that libminiupnpc8 is broken and can be hack. Please
> review this software. ‘Millions of devices vulnerable via UPnP - Update
> - The H Security: News and Features’ (http://tinyurl.com/ar3k5hp)

If you are reporting a security issue, the place is the security mail
list, or a bugzilla.

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

KrisAnormal · February 12, 2013, 3:40pm

One thing please talk to the guy how is maintainer on openSUSE site of Transmission to push current version 2.76 maybe it will solve problem
I wish you Happy yelling at developer and maintainer the security problem is still on our hands.
Sincerely
Kris

robin_listas · February 12, 2013, 4:03pm

On 2013-02-12 15:46, KrisAnormal wrote:
>
> One thing please talk to the guy how is maintainer on openSUSE site of
> Transmission to push current version 2.76 maybe it will solve problem
> I wish you Happy yelling at developer and maintainer the security
> problem is still on our hands.

You are the reporter of the issue, it is up to you to report the issue
using the proper channels. I do not even use transmission, so it is up
to you to do it.

However, yelling as you suggest will make you ignored or worse.

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

KrisAnormal · February 13, 2013, 2:58pm

Thanks for your time and your opinions
Sincerely
Kris