Unoffical empeg BBS

#324449 - 22/07/2009 09:12 wrt-dd critical exploit
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
_________________________
Remind me to change my signature to something more interesting someday

#324451 - 22/07/2009 11:37 Re: wrt-dd critical exploit [Re: andy]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Does anyone know if Tomato shares any similarity with DD-WRT? Should I assume this wouldn't affect it?
_________________________
Matt

#324453 - 22/07/2009 11:47 Re: wrt-dd critical exploit [Re: Dignan]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
Seems like the attacker would have to know the default IP of your router. I always change mine from the typical defaults.

It's not obvious from the post whether or not this would affect other open source firmware, including Tomato. The others may have their own httpd or even if they share code, may have implemented some URL sanitization.
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

#324454 - 22/07/2009 12:18 Re: wrt-dd critical exploit [Re: hybrid8]
Phoenix42
veteran

Registered: 21/03/2002
Posts: 1424
Loc: MA but Irish born
It also seems to only impact more recent versions of the code, another win for procrastinators or those who read the directions and wonder if it is really all that safe...will it brick this time?
Thanks for the heads up Andy.

#324455 - 22/07/2009 12:38 Re: wrt-dd critical exploit [Re: hybrid8]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Originally Posted By: hybrid8
Seems like the attacker would have to know the default IP of your router. I always change mine from the typical defaults.

I bet most people's routers are somewhere on 192.168.0.x or 192.168.1.x, so you wouldn't need to know the IP as it is easy to just target all 508 IPs in those ranges.
_________________________
Remind me to change my signature to something more interesting someday

#324458 - 22/07/2009 13:32 Re: wrt-dd critical exploit [Re: andy]
hybrid8
carpal tunnel

Registered: 12/11/2001
Posts: 7738
Loc: Toronto, CANADA
I suppose you're correct, the attacker could include the IP ranges within a small JavaScript loop. I was thinking about it from the perspective of having to click on a single compromised link.

But those two ranges would still miss my router. :) I definitely agree that most people don't change the IP at all, but then again, most people don't run third party firmware either.

A good one to get fixed as soon as possible, but not something to be terribly worried about short or long term. It should be trivial to have any open source project of this type patched quickly. Sanitizing a URL is pretty straightforward.
_________________________
Bruno
Twisted Melon : Fine Mac OS Software

#324460 - 22/07/2009 13:41 Re: wrt-dd critical exploit [Re: Dignan]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Originally Posted By: Dignan
Does anyone know if Tomato shares any similarity with DD-WRT? Should I assume this wouldn't affect it?

A cursory test implies that Tomato (at least my installation) is not affected. Authentication seems to always be required and, if authenticated, the cgi-bin URL returns a 404.
_________________________
Bitt Faulk

#324475 - 22/07/2009 20:49 Re: wrt-dd critical exploit [Re: wfaulk]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
Originally Posted By: wfaulk
Originally Posted By: Dignan
Does anyone know if Tomato shares any similarity with DD-WRT? Should I assume this wouldn't affect it?

A cursory test implies that Tomato (at least my installation) is not affected. Authentication seems to always be required and, if authenticated, the cgi-bin URL returns a 404.

Thanks, I have a dozen or so Tomato setups in clients' networks :)
_________________________
Matt
