This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| advisory:2020-05-06-1 [2020/05/18 08:36] – [AFFECTED VERSIONS] fix 18.06 version zorun | advisory:2020-05-06-1 [2020/05/18 08:53] – [MITIGATIONS] fix version zorun |
|---|
| ==== REQUIREMENTS ==== | ==== REQUIREMENTS ==== |
| |
| In order to exploit this vulnerability, a malicious attacker would need to provide a specially crafted umdns packet. | The ''umdns'' package is not part of the default package set: [[:downloads|official OpenWrt images provided for download]] do not contain ''umdns''. However, third-party images based on OpenWrt may contain ''umdns'' by default. |
| | |
| | In order to exploit this vulnerability, a vulnerable version of the ''umdns'' package needs to be installed on the OpenWrt device. A malicious attacker in the same local network as the OpenWrt device would then need to send a specially crafted mDNS packet. |
| ==== MITIGATIONS ==== | ==== MITIGATIONS ==== |
| |
| The fix is contained in the following and later versions: | The fix is contained in the following and later versions: |
| |
| * OpenWrt master: 2020-04-26 [[https://git.openwrt.org/533da61ac630|reboot-13026-g533da61ac630]] and [[https://git.openwrt.org/9f7c8ed0786b|reboot-13071-g9f7c8ed078]] | * OpenWrt master: 2020-04-25-cdac0460-1 [[https://git.openwrt.org/533da61ac630|reboot-13026-g533da61ac630]] and [[https://git.openwrt.org/9f7c8ed0786b|reboot-13071-g9f7c8ed078]] |
| * OpenWrt 19.07: 2020-04-27 [[https://git.openwrt.org/b71c7c261bd5|v19.07.2-62-gb71c7c261bd5]] and [[https://git.openwrt.org/4e5a29827fbd|v19.07.2-67-g4e5a29827fbd]] | * OpenWrt 19.07: 2020-04-25-cdac0460-1 [[https://git.openwrt.org/b71c7c261bd5|v19.07.2-62-gb71c7c261bd5]] and [[https://git.openwrt.org/4e5a29827fbd|v19.07.2-67-g4e5a29827fbd]] |
| * OpenWrt 18.06: 2020-05-04 [[https://git.openwrt.org/b07624342654|v18.06.8-19-gb076243426]] and [[https://git.openwrt.org/77063bb76ea7|v18.06.8-20-g77063bb76ea7]] | * OpenWrt 18.06: 2020-04-25-cdac0460-1 [[https://git.openwrt.org/b07624342654|v18.06.8-19-gb076243426]] and [[https://git.openwrt.org/77063bb76ea7|v18.06.8-20-g77063bb76ea7]] |
| |
| ==== AFFECTED VERSIONS ==== | ==== AFFECTED VERSIONS ==== |