{"id":17232,"date":"2013-01-30T19:26:11","date_gmt":"2013-01-30T10:26:11","guid":{"rendered":"http:\/\/tabkul.com\/?p=17232"},"modified":"2013-01-30T19:31:56","modified_gmt":"2013-01-30T10:31:56","slug":"%e3%80%8cupnp%e3%80%8d%e3%81%ab%e8%84%86%e5%bc%b1%e6%80%a7%e3%80%81%e7%84%a1%e7%b7%9alan%e3%83%ab%e3%83%bc%e3%82%bf%e3%81%aa%e3%81%a9%e6%95%b0%e5%8d%83%e4%b8%87%e5%8f%b0%e3%81%8c%e5%bd%b1%e9%9f%bf","status":"publish","type":"post","link":"https:\/\/tabkul.com\/?p=17232","title":{"rendered":"Vulnerabilities in UPnP: tens of millions of devices, including wireless LAN routers, affected"},"content":{"rendered":"<p>On January 29, the US security agency US-CERT confirmed multiple vulnerabilities in<\/p>\n<p>\"Universal Plug and Play\" (UPnP), which is widely used in mobile routers, wireless LAN routers and similar devices.<\/p>\n<p>It reports that tens of millions of network devices, including products from major manufacturers, are affected.<\/p>\n<p>Tablet users rely mainly on Wi-Fi, so apply security patches promptly.<\/p>\n<p><img loading=\"lazy\" title=\"upnp-security\" style=\"border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px\" border=\"0\" alt=\"upnp-security\" src=\"http:\/\/tabkul.com\/wp-content\/uploads\/2013\/01\/upnpsecurity.jpg\" width=\"610\" height=\"364\"> 
<\/p>\n<p><!--more--><\/p>\n<h2>Vulnerabilities in UPnP: tens of millions of devices become attacker targets<\/h2>\n<p>According to the security information that US-CERT published as of January 29,<\/p>\n<p>libupnp, the open-source portable SDK for UPnP devices,<\/p>\n<p>contains multiple buffer overflow vulnerabilities.<\/p>\n<p>Devices that use libupnp, such as wireless LAN equipment,<\/p>\n<p>may accept UPnP queries over the WAN,<\/p>\n<p>which could expose the vulnerabilities to the Internet, the advisory says.<\/p>\n<h3>About the vulnerabilities<\/h3>\n<p>The vulnerabilities were reportedly found by the security company Rapid7 in a large-scale<\/p>\n<p>research project targeting Internet-connected UPnP devices.<\/p>\n<p>The vulnerabilities are in libupnp's Simple Service Discovery 
Protocol (SSDP) implementation,<\/p>\n<p>and the report warns that a remote, unauthenticated attacker<\/p>\n<p>could execute arbitrary code on each device.<\/p>\n<p>Rapid7 also says libupnp is used in the products of more than 200 companies,<\/p>\n<p>including major manufacturers such as Cisco Systems, Fujitsu, NEC and Sony,<\/p>\n<p>and is actually in use in tens of millions of network devices.<\/p>\n<p>Furthermore, it reports that about 20 million of them are exposed on the Internet.<\/p>\n<p>The affected targets are not limited to network equipment: many file-sharing applications, streaming media products and the like<\/p>\n<p>may also be exposed to attack through the library.<\/p>\n<h3>The solution...<\/h3>\n<p>The solution is to update to libupnp 1.6.18, the latest version of libupnp as of the 29th.<\/p>\n<p>However, manufacturers are reportedly taking time to create patches that incorporate libupnp 
1.6.18 into their own<\/p>\n<p>products.<\/p>\n<p>In addition, discontinued products may not receive firmware updates.<\/p>\n<p>US-CERT recommends disabling UPnP.<\/p>\n<p>It advises restricting access to the following services from untrusted networks. <\/p>\n<ol>\n<li>SSDP (1900\/udp)<\/li>\n<li>Simple Object Access Protocol (SOAP)<\/li>\n<\/ol>\n<p>If a firmware update for a wireless LAN router or similar device fails,<\/p>\n<p>you may lose network connectivity, so I think it is best to back up before updating.<\/p>\n<p>\uff1cSource\uff1e<\/p>\n<ul>\n<li><a href=\"http:\/\/www.us-cert.gov\/current\/#cert_releases_upnp_security_advisory\" target=\"_blank\">CERT Releases UPnP Security Advisory<\/a><\/li>\n<li><a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/922681\" target=\"_blank\">Vulnerability Note VU#922681: Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP<\/a><\/li>\n<li><a href=\"https:\/\/community.rapid7.com\/community\/infosec\/blog\/2013\/01\/29\/security-flaws-in-universal-plug-and-play-unplug-dont-play\" 
target=\"_blank\">Security Flaws in Universal Plug and Play: Unplug, Don&#8217;t Play<\/a><\/li>\n<li><a href=\"http:\/\/jvn.jp\/cert\/JVNVU90348117\/index.html\" target=\"_blank\">Buffer overflow vulnerabilities in Portable SDK for UPnP (JVN)<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>On January 29, the US security agency US-CERT confirmed multiple vulnerabilities in \"Universal Plug and Play\" (UPnP), which is widely used in mobile routers, wireless LAN routers and similar devices. Including products from major manufacturers [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":17231,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[490],"tags":[248],"_links":{"self":[{"href":"https:\/\/tabkul.com\/index.php?rest_route=\/wp\/v2\/posts\/17232"}],"collection":[{"href":"https:\/\/tabkul.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tabkul.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tabkul.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tabkul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=17232"}],"version-history":[{"count":3,"href":"https:\/\/tabkul.com\/index.php?rest_route=\/wp\/v2\/posts\/17232\/revisions"}],"predecessor-version":[{"id":17236,"href":"https:\/\/tabkul.com\/index.php?rest_route=\/wp\/v2\/posts\/17232\/revisions\/17236"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tabkul.com
\/index.php?rest_route=\/wp\/v2\/media\/17231"}],"wp:attachment":[{"href":"https:\/\/tabkul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=17232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tabkul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=17232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tabkul.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=17232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}