Ubuntu
linux-igd package

linux-igd does not honour paranoid=1 variable

Bug #1207099 reported by Calvin Coetzee
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-igd (Debian)
Fix Released
Unknown
linux-igd (Ubuntu)
Fix Committed
Undecided
Unassigned

Bug Description

[Security Vulnerability]

Setting the variable paranoid=1 in configuration file is not honoured.

/etc/upnpd.conf
. . .
# paranoid forwarding option
# 0, allow all forwarding
# 1, only allow internal hosts to forward to themselves.
# default = 0
paranoid = 1
. . .

Request from 10.0.0.100:
Forward port 22/tcp to internal client 10.0.0.90

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere 10.0.0.90 tcp dpt:ssh

/var/log/upnpd
0x7f4a93095700 AddPortMap: DevUDN: uuid:75802409-bccb-40e7-8e6c-fa095ecce13e ServiceID: urn:upnp-org:serviceId:WANIPConn1 RemoteHost: (null) Prot: TCP ExtPort: 22 Int: 10.0.0.90.22

Request from 10.0.0.100
Forward port 22/tcp to outside ip

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere 4.3.2.1 tcp dpt:ssh

/var/log/upnpd
0x7f4a93095700 AddPortMap: DevUDN: uuid:75802409-bccb-40e7-8e6c-fa095ecce13e ServiceID: urn:upnp-org:serviceId:WANIPConn1 RemoteHost: (null) Prot: TCP ExtPort: 22 Int: 4.3.2.1.22

Please have a look into the cause of the problem, I have attached log of the above instance with a full verbosity on log.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

information type: Private Security → Public Security
Changed in linux-igd (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for linux-igd (Ubuntu) because there has been no activity for 60 days.]

Changed in linux-igd (Ubuntu):
status: Incomplete → Expired
Revision history for this message
Nick Leverton (nick-leverton) wrote :

Fixed in Debian Jessie linux-igd/1.0+cvs20070630-5, with apols that I didn't get that uploaded in time for it to trickle down into Ubuntu.

Nick (Debian maintainer)

Changed in linux-igd (Ubuntu):
status: Expired → Confirmed
Nick Leverton (nick-leverton)
Changed in linux-igd (Ubuntu):
status: Confirmed → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in linux-igd (Debian):
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.