dropbear security

polhallen
DD-WRT Novice


Joined: 19 Nov 2015
Posts: 31

Posted: Thu Jul 21, 2016 19:11    Post subject: dropbear security
Hi all, on the latest dd-wrt firmware (r30260) there's dropbear v2016.73(!)

There's a vulnerability in this version, and the latest version of dropbear (2016.74) is available.

Here is the changelog from the official page:

2016.74 - 21 July 2016

- Security: Message printout was vulnerable to format string injection.

If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.

A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files

- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.

- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v

The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

- Fix port forwarding failure when connecting to domains that have both
IPv4 and IPv6 addresses. The bug was introduced in 2015.68

- Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P
for the patch
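
The format string issue in the first changelog entry, shown as an added example that is not part of the original post and is not Dropbear's own code: a message containing the username is built first and then reused as a format string, beside the corrected call. The function names, message text and sample usernames are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger: formats into out, returns the length. */
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* VULNERABLE pattern: msg already contains the username, and is then
 * handed to the logger as the format. Any '%' in the username is
 * interpreted as a conversion directive by the second formatting pass. */
int exit_msg_vulnerable(char *out, size_t n, const char *username)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Exit (%s): disconnected", username);
    return log_msg(out, n, msg);          /* untrusted text used as format */
}

/* FIXED pattern: the format is a constant; untrusted text is only an argument. */
int exit_msg_fixed(char *out, size_t n, const char *username)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Exit (%s): disconnected", username);
    return log_msg(out, n, "%s", msg);
}

int main(void)
{
    char out[256];
    const char *sample = "bob%x%x";       /* constructed username containing '%' */

    exit_msg_fixed(out, sizeof out, sample);
    puts(out);                            /* the '%' sequences are printed literally */

    /* The vulnerable variant is only exercised with a benign name here. */
    exit_msg_vulnerable(out, sizeof out, "alice");
    puts(out);
    return 0;
}
```

Building with `-Wformat -Wformat-security` and marking logger wrappers with `__attribute__((format(printf, ...)))` lets GCC and Clang flag calls where a non-literal string is passed as the format.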
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 774
Location: 127.0.0.1

Posted: Thu Jul 21, 2016 21:29    Post subject:
Already updated, just not in a new build yet I believe.

http://svn.dd-wrt.com/changeset/30270

_________________
Tutorial for flashing WRT series
WRT Installation,Upgrade & Basic Setup–Cliff Notes
r52242: WRT3200ACM, WRT1200ACv1 & 1 Velop in bridge mode(IoT subnet), r52242 WRT1900ACv1 AP
Velop:2 WHW0101, RE6500, RE9000(AP)
Spectrum - 1000/50
SysLog Watcher 5, New security Onion box coming soon, Fingboxes, PiHoles, NEMS, Cacti, rpisurv
polhallen
DD-WRT Novice


Joined: 19 Nov 2015
Posts: 31

Posted: Thu Jul 21, 2016 21:33    Post subject:
Great!

Where can I find all changelogs of new releases?
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 774
Location: 127.0.0.1

Posted: Fri Jul 22, 2016 1:39    Post subject:
You can check here:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=279466

It is done by KrypteX, but I don't think it is high on the priority list right now as it is a little behind.

If you want up to the minute updates you can check http://svn.dd-wrt.com/ a few times a day.

polhallen
DD-WRT Novice


Joined: 19 Nov 2015
Posts: 31

Posted: Fri Jul 22, 2016 8:28    Post subject:
ok, thank you for your reply!

I have one last question: do you know how I can restart usb-core-support from the shell?

thanks