Re: "Universal Plug and Play technology exploit code"
From: Florian Weimer (Weimer@CERT.Uni-Stuttgart.DE)Date: 12/24/01
- Previous message: Ryan Permeh: "Re: "Universal Plug and Play technology exploit code""
- In reply to: Sebastian Wells: "Re: "Universal Plug and Play technology exploit code""
- Next in thread: Atacdad: "RE: "Universal Plug and Play technology exploit code""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Sebastian Wells" <alterego@negaverse.org> From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> Date: 24 Dec 2001 22:59:20 +0100
"Sebastian Wells" <alterego@negaverse.org> writes:
> Is this an exploit to the most recent UPnP hole that was posted to bugtraq?
> In the discussion of that vulnerability it was stated that UPnP was on UDP
> port 1900.
>
> Am I just confused?
UPnP support comes with a web server on TCP port 5000 (which processes
SOAP requests, IIRC). Another UDP-based web server seems to be
listening on port 1900, implementing SSDP (yes, there's an IETF draft
floating around for HTTP over UDP).
-- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
- Previous message: Ryan Permeh: "Re: "Universal Plug and Play technology exploit code""
- In reply to: Sebastian Wells: "Re: "Universal Plug and Play technology exploit code""
- Next in thread: Atacdad: "RE: "Universal Plug and Play technology exploit code""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
