miniupnpc, the MiniUPnP client library, enables applications to access
the services provided by a UPnP "Internet Gateway Device" present on
the network. In UPnP terminology, it is a UPnP Control Point.
ok sthen@
The miniUPnP daemon is a UPnP IGD (Internet Gateway Device) which
provides NAT traversal services to any UPnP enabled client as well as
NAT Port Mapping Protocol (NAT-PMP) on the network.
ok sthen@
minissdpd(1) listens to SSDP traffic on the network so miniupnpc(3) does
not need to perform the discovery process and can work faster to set up
a redirection. minissdpd(1) is also able to reply to M-SEARCH SSDP
requests on behalf of miniupnpd(1) or other UPnP server software. That
is useful in order to host several UPnP services on the same machine.
miniupnpd(1) natively uses minissdpd(1) if run on the same machine, but
other UPnP software may need to be patched.
ok sthen@
Previously if unbound-control was used to restart the daemon, further
use of /etc/rc.d/unbound would no longer match the process title.
Reported by camield@, ok aja@ jakob@
natpmpd is a daemon that can be used on an OpenBSD NAT gateway to
provide support for the NAT-PMP protocol on any internal networks which
then allows a client to create and maintain rules in pf to map TCP and
UDP connections to the external IP address on the NAT gateway to
services running on the client itself.
jakob@ and myself. See http://www.unbound.net/downloads/CVE-2011-4528.txt
for more details, summary from the above is below:
--
Unbound crashes when confronted with a non-standard response from a
server for a domain. This domain produces duplicate RRs from a certain
type and is DNSSEC signed. Unbound also crashes when confronted with a
query that eventually, and under specific circumstances, resolves to a
domain that misses expected NSEC3 records.
These two problems were discovered within 24 hours, hence a combined
vulnerability disclosure.
By constructing the non-standard responses an attacker can use these
vulnerabilities for a DoS attack.
To our knowledge 'denial of service' is the only type of exploit possible.
--