| advisory:2020-05-06-1 [2020/05/18 08:34] – [MITIGATIONS] add link to commits zorun | advisory:2020-05-06-1 [2020/05/18 08:53] – [MITIGATIONS] fix version zorun |
|---|
| ==== REQUIREMENTS ==== | ==== REQUIREMENTS ==== |
| |
| In order to exploit this vulnerability, a malicious attacker would need to provide a specially crafted umdns packet. | The ''umdns'' package is not part of the default package set: [[:downloads|official OpenWrt images provided for download]] do not contain ''umdns''. However, third-party images based on OpenWrt may contain ''umdns'' by default. |
| | |
| | In order to exploit this vulnerability, a vulnerable version of the ''umdns'' package needs to be installed on the OpenWrt device. A malicious attacker in the same local network as the OpenWrt device would then need to send a specially crafted mDNS packet. |
| ==== MITIGATIONS ==== | ==== MITIGATIONS ==== |
| |
| The fix is contained in the following and later versions: | The fix is contained in the following and later versions: |
| |
| * OpenWrt master: 2020-04-25 [[https://git.openwrt.org/533da61ac630|reboot-13026-g533da61ac630]] and [[https://git.openwrt.org/9f7c8ed0786b|reboot-13071-g9f7c8ed078]] | * OpenWrt master: 2020-04-25-cdac0460-1 [[https://git.openwrt.org/533da61ac630|reboot-13026-g533da61ac630]] and [[https://git.openwrt.org/9f7c8ed0786b|reboot-13071-g9f7c8ed078]] |
| * OpenWrt 19.07: 2020-04-25 [[https://git.openwrt.org/b71c7c261bd5|v19.07.2-62-gb71c7c261bd5]] and [[https://git.openwrt.org/4e5a29827fbd|v19.07.2-67-g4e5a29827fbd]] | * OpenWrt 19.07: 2020-04-25-cdac0460-1 [[https://git.openwrt.org/b71c7c261bd5|v19.07.2-62-gb71c7c261bd5]] and [[https://git.openwrt.org/4e5a29827fbd|v19.07.2-67-g4e5a29827fbd]] |
| * OpenWrt 18.06: 2020-04-25 [[https://git.openwrt.org/b07624342654|v18.06.8-19-gb076243426]] and [[https://git.openwrt.org/77063bb76ea7|v18.06.8-20-g77063bb76ea7]] | * OpenWrt 18.06: 2020-04-25-cdac0460-1 [[https://git.openwrt.org/b07624342654|v18.06.8-19-gb076243426]] and [[https://git.openwrt.org/77063bb76ea7|v18.06.8-20-g77063bb76ea7]] |
| |
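Review bot: In the MITIGATIONS list, two link labels abbreviate the commit hash to 10 hex characters (reboot-13071-g9f7c8ed078 on the master line and v18.06.8-19-gb076243426 on the 18.06 line), while the other four labels and all six link targets use 12. Suggest using the 12-character form throughout so that each label matches its URL. Each branch also lists two commits after the package version 2020-04-25-cdac0460-1 without saying what each one contributes; a short description per commit would help readers who backport the fix.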
| ==== AFFECTED VERSIONS ==== | ==== AFFECTED VERSIONS ==== |
| |
| To our knowledge, OpenWrt versions 18.06.0 to 18.06.7 and versions 19.07.0 to | To our knowledge, OpenWrt versions 18.06.0 to 18.06.8 and versions 19.07.0 to |
| 19.07.2 are affected. The fixed packages will be integrated in the upcoming | 19.07.2 are affected. The fixed packages will be integrated in the upcoming |
| OpenWrt 18.06.9 and OpenWrt 19.07.3 releases. Older versions of OpenWrt (e.g. | OpenWrt 18.06.9 and OpenWrt 19.07.3 releases. Older versions of OpenWrt (e.g. |