Differences
This shows you the differences between two versions of the page.
| advisory:2020-05-06-2 [2020/05/06 09:46] – WIP on creating new advisory ldir | advisory:2020-05-06-2 [2020/05/06 15:24] – created ldir | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Security Advisory 2020-05-06-2 - foo (CVE-2020-foo) ====== | + | ====== Security Advisory 2020-05-06-2 - relayd out-of-bounds reads of heap data and possible buffer overflow |
| ==== DESCRIPTION ==== | ==== DESCRIPTION ==== | ||
| - | This advisory is work in progress. | + | relayd |
| - | Description Foo | ||
| - | + | [[https:// | |
| - | + | ||
| - | + | ||
| - | [[https:// | + | |
| ==== REQUIREMENTS ==== | ==== REQUIREMENTS ==== | ||
| In order to exploit this vulnerability, | In order to exploit this vulnerability, | ||
| - | provide specially crafted | + | provide specially crafted |
| - | running in client mode and thus overflowing the rhostname string buffer by | + | |
| - | providing a very long hostname. | + | |
| ==== MITIGATIONS ==== | ==== MITIGATIONS ==== | ||
| - | To fix this issue, update the affected | + | To fix this issue, update the affected |
| - | opkg update; opkg upgrade | + | opkg update; opkg upgrade |
| The fix is contained in the following and later versions: | The fix is contained in the following and later versions: | ||
| - | | + | TBA: Placeholder only |
| - | * OpenWrt 19.07: | + | |
| - | * OpenWrt 18.06: | + | |
| + | * OpenWrt 19.07: | ||
| + | * OpenWrt 18.06: | ||
| ==== AFFECTED VERSIONS ==== | ==== AFFECTED VERSIONS ==== | ||
| To our knowledge, OpenWrt versions 18.06.0 to 18.06.7 and versions 19.07.0 to | To our knowledge, OpenWrt versions 18.06.0 to 18.06.7 and versions 19.07.0 to | ||
| - | 19.07.1 are affected. | + | 19.07.2 are affected. |
| - | OpenWrt 18.06.8 and OpenWrt 19.07.2 releases. | + | OpenWrt 18.06.9 and OpenWrt 19.07.3 releases. |
| OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. | OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more. | ||
| ==== CREDITS ==== | ==== CREDITS ==== | ||
| - | This issue was identified by Ilja Van Sprundel | + | This issue was identified by Guido Vranken using ForAllSecure Mayhem |
| - | Paul Mackerras. | + | was implemented by Kevin Darbyshire-Bryant with assistance from Guido Vranken. |
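Review bot: In AFFECTED VERSIONS the 18.06 range on the unchanged line still ends at 18.06.7, while the fixed release moves from 18.06.8 to 18.06.9, so 18.06.8 is listed as neither affected nor fixed. The 19.07 range was raised to 19.07.2 to match the 19.07.3 fix release; the 18.06 range probably needs the same adjustment, to 18.06.8. Separately, the fixed-versions list under MITIGATIONS still reads "TBA: Placeholder only" even though the revision summary changed from "WIP on creating new advisory" to "created". Either fill in the 19.07 and 18.06 entries or keep the advisory marked as work in progress until they are known.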