[olug] Yesterday's dd-wrt release fixes vulnerability
Chad Homan
choman at gmail.com
Thu Jul 23 01:10:28 UTC 2009
I've dug into this a little but. The bug exist in the v24 sp1 firmware.
I personally have been running the June 19 pre-sp2 release which also has
the bug.
If your running anything prior to v24 sp1, you can run the test rob privided
and verify that the bug effects you
There are two fixes posted currently, both available on the dd-wrt home
page.
Note that the suggested firmware fix is temporary until the router DB is
updated.
well according to the website
Chad, CISSP
On Wed, Jul 22, 2009 at 6:54 PM, Cheyenne Deal <deal.cheyenne at gmail.com>wrote:
> When did the problem start, I have a 04/07 release 07 as in 2007
>
> -----Original Message-----
> From: Rob Townley <rob.townley at gmail.com>
> Sent: Wednesday, July 22, 2009 6:31 PM
> To: Omaha Linux User Group <olug at olug.org>
> Subject: [olug] Yesterday's dd-wrt release fixes vulnerability
>
> If you have dd-wrt firmware, you will want to update. There is a
> vulnerability in it that malicious website code could get root just by
> visiting that malicious website from behind your dd-wrt firewall, CSRF
> style.
>
> Test: http://192.168.1.1/cgi-bin/;reboot
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list