Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| advisory:2020-05-06-1 [2020/05/06 09:39] – WIP on creating new advisory ldir | advisory:2020-05-06-1 [2020/05/18 08:53] – [MITIGATIONS] fix version zorun | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Security Advisory 2020-05-06-1 - foo (CVE-2020-foo) ====== | + | |
| + | ====== Security Advisory 2020-05-06-1 - umdns out-of-bounds reads of heap data and possible buffer overflow | ||
| ==== DESCRIPTION ==== | ==== DESCRIPTION ==== | ||
| - | This advisory is work in progress. | + | umdns in OpenWrt through 19.07.2 has potential for out-of-bounds reads of heap data and possible buffer overflow. |
| - | Description Foo | + | [[https:// |
| + | ==== REQUIREMENTS ==== | ||
| + | The '' | ||
| - | + | In order to exploit this vulnerability, | |
| - | + | ||
| - | [[https:// | + | |
| - | ==== REQUIREMENTS ==== | + | |
| - | + | ||
| - | In order to exploit this vulnerability, | + | |
| - | provide | + | |
| - | running in client mode and thus overflowing the rhostname string buffer by | + | |
| - | providing a very long hostname. | + | |
| ==== MITIGATIONS ==== | ==== MITIGATIONS ==== | ||
| - | To fix this issue, update the affected | + | To fix this issue, update the affected |
| - | opkg update; opkg upgrade | + | opkg update; opkg upgrade |
| The fix is contained in the following and later versions: | The fix is contained in the following and later versions: | ||
| - | * OpenWrt master: 2020-02-20 [[https:// | + | * OpenWrt master: 2020-04-25-cdac0460-1 |
| - | * OpenWrt 19.07: | + | * OpenWrt 19.07: |
| - | * OpenWrt 18.06: | + | * OpenWrt 18.06: |
| ==== AFFECTED VERSIONS ==== | ==== AFFECTED VERSIONS ==== | ||
| - | To our knowledge, OpenWrt versions 18.06.0 to 18.06.7 and versions 19.07.0 to | + | To our knowledge, OpenWrt versions 18.06.0 to 18.06.8 and versions 19.07.0 to |
| - | 19.07.1 are affected. | + | 19.07.2 are affected. |
| - | OpenWrt 18.06.8 and OpenWrt 19.07.2 releases. | + | OpenWrt 18.06.9 and OpenWrt 19.07.3 releases. |
| OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. | OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. | ||
| ==== CREDITS ==== | ==== CREDITS ==== | ||
| - | This issue was identified by Ilja Van Sprundel | + | This issue was identified by Guido Vranken using ForAllSecure Mayhem |
| - | Paul Mackerras. | + | was implemented by Kevin Darbyshire-Bryant with assistance from Guido Vranken. |