[ale] Flaw in dd-wrt

Michael H. Warfield mhw at WittsEnd.com
Fri Jul 24 12:53:09 EDT 2009


On Fri, 2009-07-24 at 10:28 -0400, Charles Shapiro wrote:
> Looks like your dd-wrt router is now vulnerable to root access over
> the net. The flaw involves an invalid graphics file sent to the web
> server. They've released a fix. Details are available on the dd-wrt
> website
> ( http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/34-dd-wrt-httpd-vulnerability-milw0rmcom-report.html ).  

	It's much MUCH simpler than an invalid graphics file.  It's a meta
character escape in the URL.  Doesn't require any file at all.  Pretty
much a trivial instant remote root.  But you have to have access to the
Administration http service, which is disabled by default from the WLAN
(Wireless LAN) and Internet (WAN) ports and should only be accessible
from the LAN (hardwired) ports.  That just leaves it vulnerable to local
attacks, reflection attacks, and CSRF attacks.  Sigh...

> I think coova is not affected, since it's based on openwrt
> ( http://openwrt.org/ )?

> -- CHS

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
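
Added example (not part of the original message and not dd-wrt code): a log triage sketch for the exposure described in the reply, flagging shell metacharacters in the request path of a LAN-only admin interface and requests whose Referer points off the router, which is how a CSRF-driven request would appear. It assumes the admin interface's requests are available in Combined Log Format; the admin address `192.168.1.1`, the metacharacter set, the finding names and the sample lines are all constructed.

```python
import re
from urllib.parse import unquote, urlsplit

ADMIN_HOSTS = {"192.168.1.1"}          # assumption: router's LAN admin address
SHELL_META = set(";|&`$<>(){}\\\n\r")  # assumption: characters treated as suspicious

# Combined Log Format: client, timestamp, request line, status, size, referer.
LOG_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def decode_fully(text, rounds=3):
    """Percent-decode repeatedly so double encoding (%253B) is also caught."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def triage(line):
    """Return the findings for one log line (empty list means nothing flagged)."""
    m = LOG_RE.match(line)
    if m is None:
        return ["unparsed"]
    findings = []
    # Only the path is checked: '&' is legitimate inside a query string.
    path = decode_fully(m["target"].split("?", 1)[0])
    if SHELL_META & set(path):
        findings.append("shell-metachar-in-path")
    referer = m["referer"]
    if referer not in ("", "-") and urlsplit(referer).hostname not in ADMIN_HOSTS:
        findings.append("cross-site-referer")
    return findings

# Constructed sample lines, not taken from any real device.
SAMPLE_LOG = [
    '192.168.1.50 - - [24/Jul/2009:12:00:00 -0400] "GET /index.asp HTTP/1.1" 200 512 "http://192.168.1.1/" "Mozilla"',
    '192.168.1.50 - - [24/Jul/2009:12:00:05 -0400] "GET /Status.asp%3Buptime HTTP/1.1" 200 0 "http://forum.example/thread" "Mozilla"',
    '192.168.1.77 - - [24/Jul/2009:12:00:09 -0400] "GET /Status.asp%253Buptime HTTP/1.1" 200 0 "-" "curl"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry), entry.split('"')[1])
```
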
