[ale] Flaw in dd-wrt
Charles Shapiro
hooterpincher at gmail.com
Sat Jul 25 09:31:59 EDT 2009
Hmm. I might be ok then. The only way to my admin console is to physically
plug in to the router.
-- CHS
On Fri, Jul 24, 2009 at 12:53 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Fri, 2009-07-24 at 10:28 -0400, Charles Shapiro wrote:
> > Looks like your dd-wrt router is now vulnerable to root access over
> > the net. The flaw involves an invalid graphics file sent to the web
> > server. They've released a fix. Details are available on the dd-wrt
> > website
> > (http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/34-dd-wrt-httpd-vulnerability-milw0rmcom-report.html).
>
> It's much MUCH simpler than an invalid graphics file. It's a meta
> character escape in the URL. Doesn't require any file at all. Pretty
> much a trivial instant remote root. But you have to have access to the
> Administration http service, which is disabled by default from the WLAN
> (Wireless LAN) and Internet (WAN) ports and should only be accessible
> from the LAN (hardwired) ports. That just leaves it vulnerable to local
> attacks, reflection attacks, and CSRF attacks. Sigh...
>
> > I think coova is not affected, since it's based on openwrt
> > ( http://openwrt.org/ )?
>
> > -- CHS
>
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 |
> http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!