Well, it’s obviously last year’s story, but let’s take a look at it. Though I can not exploit manually, I still can learn the category of security problems at least. (BTW, you can get the exploit in a sec., if you really want to. It’s very widely spread.)
http://www.securityfocus.com/infocus/1548
http://www.eeye.com/html/Research/Advisories/AD20011220.html
As the article says, there were two kinds of problems in UPNP.
- Buffer Overflow
- User Input Validatation
Let me see.. The first one is quite notorious and widely known type of bugs, which is also not known to everyone and not easy to completely avoid. Anyway, it’s the most dangerous one as Zotob and its derivatives showed themselves such.
The last one, user input validation, is simply due to the lack of user input sanitization. And firing DOS/DDoS attack is as simple as the vulnerability itself.
Well.. it’s all about the story of the last year, but it’s also about the common vulnerabilities found in softwares since too many yrs ago, and it’s the story hackers tell you for abt next 10 yrs.
Post a Comment