Differences

This shows you the differences between two versions of the page.

advisory:2020-05-06-1 [2020/05/18 08:35] – [MITIGATIONS] fix dates zorun
advisory:2020-05-06-1 [2020/05/18 08:53] – [MITIGATIONS] fix version zorun
Line 9: Line 9:
 ==== REQUIREMENTS ==== ==== REQUIREMENTS ====
  
-In order to exploit this vulnerability, a malicious attacker would need to provide a specially crafted umdns packet.+The ''umdns'' package is not part of the default package set: [[:downloads|official OpenWrt images provided for download]] do not contain ''umdns''. However, third-party images based on OpenWrt may contain ''umdns'' by default. 
 + 
 +In order to exploit this vulnerability,vulnerable version of the ''umdns'' package needs to be installed on the OpenWrt device. A malicious attacker in the same local network as the OpenWrt device would then need to send a specially crafted mDNS packet.
 ==== MITIGATIONS ==== ==== MITIGATIONS ====
  
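Review bot: The new second paragraph of REQUIREMENTS makes exploitation depend on a "vulnerable version of the ''umdns'' package" being installed, but nothing in this section tells readers how to find out whether that is true of their device. That matters most to the users of third-party images the first paragraph singles out. Consider adding a sentence that refers to the fixed version listed under MITIGATIONS and says how to check the installed package, for example with ''opkg list-installed | grep umdns''. Also, as rendered here the sentence reads "vulnerability,vulnerable version", so please confirm the saved text has "a" and a space after the comma.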
Line 18: Line 20:
 The fix is contained in the following and later versions: The fix is contained in the following and later versions:
  
-  * OpenWrt master: 2020-04-26 [[https://git.openwrt.org/533da61ac630|reboot-13026-g533da61ac630]] and [[https://git.openwrt.org/9f7c8ed0786b|reboot-13071-g9f7c8ed078]] +  * OpenWrt master: 2020-04-25-cdac0460-1 [[https://git.openwrt.org/533da61ac630|reboot-13026-g533da61ac630]] and [[https://git.openwrt.org/9f7c8ed0786b|reboot-13071-g9f7c8ed078]] 
-  * OpenWrt 19.07:  2020-04-27 [[https://git.openwrt.org/b71c7c261bd5|v19.07.2-62-gb71c7c261bd5]] and [[https://git.openwrt.org/4e5a29827fbd|v19.07.2-67-g4e5a29827fbd]] +  * OpenWrt 19.07:  2020-04-25-cdac0460-1 [[https://git.openwrt.org/b71c7c261bd5|v19.07.2-62-gb71c7c261bd5]] and [[https://git.openwrt.org/4e5a29827fbd|v19.07.2-67-g4e5a29827fbd]] 
-  * OpenWrt 18.06:  2020-05-04 [[https://git.openwrt.org/b07624342654|v18.06.8-19-gb076243426]] and [[https://git.openwrt.org/77063bb76ea7|v18.06.8-20-g77063bb76ea7]]+  * OpenWrt 18.06:  2020-04-25-cdac0460-1 [[https://git.openwrt.org/b07624342654|v18.06.8-19-gb076243426]] and [[https://git.openwrt.org/77063bb76ea7|v18.06.8-20-g77063bb76ea7]]
  
 ==== AFFECTED VERSIONS ==== ==== AFFECTED VERSIONS ====
  
-To our knowledge, OpenWrt versions 18.06.0 to 18.06.and versions 19.07.0 to+To our knowledge, OpenWrt versions 18.06.0 to 18.06.and versions 19.07.0 to
 19.07.2 are affected.  The fixed packages will be integrated in the upcoming 19.07.2 are affected.  The fixed packages will be integrated in the upcoming
 OpenWrt 18.06.9 and OpenWrt 19.07.3 releases.  Older versions of OpenWrt (e.g. OpenWrt 18.06.9 and OpenWrt 19.07.3 releases.  Older versions of OpenWrt (e.g.
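Review bot: In the three bullets under "The fix is contained in the following and later versions", the replacement value ''2020-04-25-cdac0460-1'' appears without a label, so a reader cannot tell that it is a package version rather than a date or a build tag, and it sits directly in front of commit links that use a different naming scheme. Suggest writing it as "''umdns'' 2020-04-25-cdac0460-1" or adding "package version" in front of it. While touching these lines, the link labels could also be made consistent: ''reboot-13071-g9f7c8ed078'' and ''v18.06.8-19-gb076243426'' abbreviate the hash to 10 characters, while the other labels and all the URLs use 12.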
  • Last modified: 2020/05/19 10:44
  • by zorun