https://bitcointalksearch.org/topic/m.12673825'A vulnerability was found in Bitcoin Core. It allows an attack from malicious peers in the local network via UPNP. Namecoin is affected, too, so everybody should turn off UPNP until further notice.'
anyone smart enuf to explain?
By default uPnP is on in Bitcoin core to connect up more full nodes through port forwarding, and with this specific attack, someone would create a spoofed local server on the network and crash your Bitcoin client. It's not very dangerous IMO, just an annoyance which will get fixed.
parser.xmlstart = buffer;
parser.xmlsize = bufsize;
parser.data = data;
parser.starteltfunc = IGDstartelt;
parser.endeltfunc = IGDendelt;
parser.datafunc = IGDdata;
parser.attfunc = 0;
parsexml(&parser);
XML parses the replies from uPnP and initiates a function call parsexml() here at the end of this code
void IGDstartelt(void * d, const char * name, int l)
{
struct IGDdatas * datas = (struct IGDdatas *)d;
memcpy( datas->cureltname, name, l);
datas->cureltname[l] = '\0';
datas->level++;
if( (l==7) && !memcmp(name, "service", l) ) {
datas->tmp.controlurl[0] = '\0';
datas->tmp.eventsuburl[0] = '\0';
datas->tmp.scpdurl[0] = '\0';
datas->tmp.servicetype[0] = '\0';
}
}
A buffer overflow occurs in IGDstartelt( and an unsafe call is made to memcpy shortly thereafter.
With the successful buffer overflow on the stack, remote code execution is possible. Potential for something nasty there if really well crafted, but it'll be patched soon, if it isn't already being pushed/patched.
Oh, someone has made a brand new account to trash talk UNO. All markets are manipulated. The long term holders barely move their coins.