[ale] Flaw in dd-wrt

Richard Bronosky Richard at Bronosky.com
Sat Jul 25 10:35:18 EDT 2009


Seriously! It is pretty crazy to have the admin open on the WAN side.
You shouldn't have anything open to the public without knockd. With
knockd your router will appear to have all ports closed to a complete
port scan. Before you can connect on any port, say port 22, you have
to "knock" on a series of ports in an order you predefine. Then your
router will accept connections on only port 22 and only from the IP
address that performed the secret knock. It's another level of
protection against brute force attacks.

On 7/25/09, Charles Shapiro <hooterpincher at gmail.com> wrote:
> Hmm. I might be ok then. The only way to my admin console is to physically
> plug in to the router.
>
> -- CHS
>
>
> On Fri, Jul 24, 2009 at 12:53 PM, Michael H. Warfield
> <mhw at wittsend.com> wrote:
>
>> On Fri, 2009-07-24 at 10:28 -0400, Charles Shapiro wrote:
>> > Looks like your dd-wrt router is now vulnerable to root access over
>> > the net. The flaw involves an invalid graphics file sent to the web
>> > server. They've released a fix. Details are available on the dd-wrt
>> > website
>> > (
>> http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/34-dd-wrt-httpd-vulnerability-milw0rmcom-report.html).
>>
>>         It's much MUCH simpler than an invalid graphics file.  It's a meta
>> character escape in the URL.  Doesn't require any file at all.  Pretty
>> much a trivial instant remote root.  But you have to have access to the
>> Administration http service, which is disabled by default from the WLAN
>> (Wireless LAN) and Internet (WAN) ports and should only be accessible
>> from the LAN (hardwired) ports.  That just leaves it vulnerable to local
>> attacks, reflection attacks, and CSRF attacks.  Sigh...
>>
>> > I think coova is not affected, since it's based on openwrt
>> > ( http://openwrt.org/ )?
>>
>> > -- CHS
>>
>>         Mike
>> --
>> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>>   /\/\|=mhw=|\/\/          | (678) 463-0932 |
>> http://www.wittsend.com/mhw/
>>   NIC whois: MHW9          | An optimist believes we live in the best of
>> all
>>  PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>>
>>
>

-- 
Sent from my mobile device

.!# RichardBronosky #!.
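
The knock-then-open behaviour described in the message above, written out as a knockd configuration. This is an added example, not part of the original post. The knock ports, timeouts, interface name and iptables path are constructed placeholders. It assumes the firewall already drops new connections to port 22 and to the knock ports by default, and accepts ESTABLISHED traffic so that an open session survives the stop_command.

```ini
# /etc/knockd.conf (constructed example; every port and timeout is a placeholder)
[options]
    UseSyslog
    # Assumed name of the WAN-facing interface knockd should listen on.
    interface = eth0

[openSSH]
    # The three SYN packets must arrive in this order from a single source IP.
    sequence      = 7000,8000,9000
    # The whole sequence must complete within this many seconds, or it resets.
    seq_timeout   = 10
    # Count only SYN packets as knocks, so stray ACK/RST traffic is ignored.
    tcpflags      = syn
    # On a correct knock, allow port 22 for the knocking address only (%IP%).
    start_command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -j ACCEPT
    # Close the hole again after this many seconds.
    cmd_timeout   = 30
    # Remove exactly the rule that start_command inserted.
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

Because the ACCEPT rule is scoped to `%IP%` and removed after `cmd_timeout`, a port scan from any other address still sees port 22 as closed, and each successful knock is logged through syslog for review.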

