Results 1 to 8 of 8

Thread: Transmission libminiupnpc8

  1. #1

    Default Transmission libminiupnpc8

    Hi

    It is possible that libminiupnpc8 is broken and can be hack. Please review this software. Millions of devices vulnerable via UPnP - Update - The H Security: News and Features

    Sincerely
    Kris

  2. #2
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,054

    Default Re: Transmission libminiupnpc8

    On Mon, 04 Feb 2013 17:26:02 +0000, KrisAnormal wrote:

    > Hi
    >
    > It is possible that libminiupnpc8 is broken and can be hack. Please
    > review this software. 'Millions of devices vulnerable via UPnP - Update
    > - The H Security: News and Features' (http://tinyurl.com/ar3k5hp)
    >
    > Sincerely Kris


    Most of the software included in openSUSE is pulled from upstream
    sources, so you'll want to check with the transmission project to make
    sure they're aware of the issue and find out if they've addressed it.

    Since it's a security issue, I expect that a backported fix would find
    its way into the currently supported releases.

    Of course, the other option is to not use UPnP, but a dedicated port
    forward.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  3. #3
    Join Date
    Oct 2011
    Location
    Missouri
    Posts
    67

    Default Re: Transmission libminiupnpc8

    Jim beat me too it but I was going to say I have UPnP disabled in my router and in Transmission. I my opinion it has always been a security risk. Using static addressing and proper port forwarding is the best way to go.
    Intel Core 2 Duo E8500 Wolfdale 3.16GHz LGA 775 65W Dual-Core Processor
    Intel LGA 775 Intel P43 ATX Intel Motherboard
    CORSAIR XMS2 4GB DDR2 SDRAM DDR2 800 (PC2 6400)
    EVGA GeForce GTX 460 (Fermi) 1GB 256-bit GDDR5 PCI Express Video Card

  4. #4
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,054

    Default Re: Transmission libminiupnpc8

    On Mon, 04 Feb 2013 21:56:01 +0000, inkrypted wrote:

    > Jim beat me too it but I was going to say I have UPnP disabled in my
    > router and in Transmission. I my opinion it has always been a security
    > risk. Using static addressing and proper port forwarding is the best way
    > to go.


    Yeah, UPnP has a long history of security issues from what I've read. I
    even hesitate to use it inside my own secured network.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Transmission libminiupnpc8

    On 2013-02-04 18:26, KrisAnormal wrote:
    >
    > Hi
    >
    > It is possible that libminiupnpc8 is broken and can be hack. Please
    > review this software. 'Millions of devices vulnerable via UPnP - Update
    > - The H Security: News and Features' (http://tinyurl.com/ar3k5hp)


    If you are reporting a security issue, the place is the security mail
    list, or a bugzilla.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

  6. #6

    Default Re: Transmission libminiupnpc8

    One thing please talk to the guy how is maintainer on openSUSE site of Transmission to push current version 2.76 maybe it will solve problem
    I wish you Happy yelling at developer and maintainer the security problem is still on our hands.
    Sincerely
    Kris

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Transmission libminiupnpc8

    On 2013-02-12 15:46, KrisAnormal wrote:
    >
    > One thing please talk to the guy how is maintainer on openSUSE site of
    > Transmission to push current version 2.76 maybe it will solve problem
    > I wish you Happy yelling at developer and maintainer the security
    > problem is still on our hands.


    You are the reporter of the issue, it is up to you to report the issue
    using the proper channels. I do not even use transmission, so it is up
    to you to do it.

    However, yelling as you suggest will make you ignored or worse.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

  8. #8

    Default Re: Transmission libminiupnpc8

    Thanks for your time and your opinions
    Sincerely
    Kris

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •