Bypassing MiniUPnP Stack Smashing Protection

By Talos Group This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer software applications, such as Tor and cryptocurrency miners and wallets, to operate on the network. In 2015 Talos identified and reported a buffer overflow vulnerability in client []

Source:: Cisco Security Notice