Hi
It is possible that libminiupnpc8 is broken and can be hack. Please review this software. Millions of devices vulnerable via UPnP - Update - The H Security: News and Features
Sincerely
Kris
Hi
It is possible that libminiupnpc8 is broken and can be hack. Please review this software. Millions of devices vulnerable via UPnP - Update - The H Security: News and Features
Sincerely
Kris
On Mon, 04 Feb 2013 17:26:02 +0000, KrisAnormal wrote:
> Hi
>
> It is possible that libminiupnpc8 is broken and can be hack. Please
> review this software. ‘Millions of devices vulnerable via UPnP - Update
> - The H Security: News and Features’ (http://tinyurl.com/ar3k5hp)
>
> Sincerely Kris
Most of the software included in openSUSE is pulled from upstream
sources, so you’ll want to check with the transmission project to make
sure they’re aware of the issue and find out if they’ve addressed it.
Since it’s a security issue, I expect that a backported fix would find
its way into the currently supported releases.
Of course, the other option is to not use UPnP, but a dedicated port
forward.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
Jim beat me too it but I was going to say I have UPnP disabled in my router and in Transmission. I my opinion it has always been a security risk. Using static addressing and proper port forwarding is the best way to go.
On Mon, 04 Feb 2013 21:56:01 +0000, inkrypted wrote:
> Jim beat me too it but I was going to say I have UPnP disabled in my
> router and in Transmission. I my opinion it has always been a security
> risk. Using static addressing and proper port forwarding is the best way
> to go.
Yeah, UPnP has a long history of security issues from what I’ve read. I
even hesitate to use it inside my own secured network.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
On 2013-02-04 18:26, KrisAnormal wrote:
>
> Hi
>
> It is possible that libminiupnpc8 is broken and can be hack. Please
> review this software. ‘Millions of devices vulnerable via UPnP - Update
> - The H Security: News and Features’ (http://tinyurl.com/ar3k5hp)
If you are reporting a security issue, the place is the security mail
list, or a bugzilla.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
One thing please talk to the guy how is maintainer on openSUSE site of Transmission to push current version 2.76 maybe it will solve problem
I wish you Happy yelling at developer and maintainer the security problem is still on our hands.
Sincerely
Kris
On 2013-02-12 15:46, KrisAnormal wrote:
>
> One thing please talk to the guy how is maintainer on openSUSE site of
> Transmission to push current version 2.76 maybe it will solve problem
> I wish you Happy yelling at developer and maintainer the security
> problem is still on our hands.
You are the reporter of the issue, it is up to you to report the issue
using the proper channels. I do not even use transmission, so it is up
to you to do it.
However, yelling as you suggest will make you ignored or worse.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
Thanks for your time and your opinions
Sincerely
Kris