Results 1 to 4 of 4

Thread: All OSes: what about "CallStranger" vulnerability and openSUSE?

  1. #1

    Default All OSes: what about "CallStranger" vulnerability and openSUSE?

    CallStranger
    CVE-2020-12695
    Data Exfiltration & Reflected Amplified TCP DDOS & Port Scan via UPnP SUBSCRIBE Callback
    https://www.callstranger.com/

    https://github.com/yunuscadirci/CallStranger
    https://github.com/5kyc0d3r/upnpy

    Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations
    https://kb.cert.org/vuls/id/339275

    The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
    https://cve.mitre.org/cgi-bin/cvenam...CVE-2020-12695


    Ok, https://www.suse.com/security/cve/CVE-2020-12695/
    Overall state of this security issue: Does not affect SUSE products
    But what to do with another equipment?

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    26,511

    Default Re: All OSes: what about "CallStranger" vulnerability and openSUSE?

    Quote Originally Posted by Svyatko View Post

    But what to do with another equipment?
    Ask in another forum?
    Henk van Velden

  3. #3
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    28,833
    Blog Entries
    15

    Default Re: All OSes: what about "CallStranger" vulnerability and openSUSE?

    Quote Originally Posted by hcvv View Post
    Ask in another forum?
    Hi
    Yes, or better yet just turn it off.....

    My router...
    Miniatures attachées Miniatures attachées Click image for larger version. 

Name:	Screenshot from 2020-06-22 12-23-00.png 
Views:	46 
Size:	3.4 KB 
ID:	894  
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  4. #4
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,584
    Blog Entries
    1

    Default Re: All OSes: what about "CallStranger" vulnerability and openSUSE?

    Quote Originally Posted by malcolmlewis View Post
    Hi
    Yes, or better yet just turn it off.....

    My router...
    Yes, a sensible approach if not already disabled (and not required).
    openSUSE Leap 15.2; KDE Plasma 5

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •