dd-wrt root vulnerability
jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Wed Jul 22 02:07:50 UTC 2009
theregister has an article about a root vulnerability on recent dd-wrt.
From the article:
"The bug resides in DD-WRT's hyper text transfer protocol daemon, which
runs as root. Because the httpd doesn't sanitize user-supplied input,
it's vulnerable to remote command injection. While the httpd doesn't
listen on the outbound interface, attackers can easily access it using
CSRF (cross-site request forgery) techniques."
For people who have enabled remote httpd access, it's probably much worse.
The Toronto Linux Users Group. Meetings: http://gtalug.org/
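Added illustration, not part of the original post and not DD-WRT's code: the two conditions in the quoted passage (unsanitized input reaching a command, and cross-site requests reaching a LAN-only httpd) map to two checks a management daemon can make before acting on a request. The function names, the character allowlist and the sample requests are assumptions constructed for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Check 1: allowlist the request path before any part of it can reach a
 * command. Everything outside [A-Za-z0-9/._-] is refused, which covers
 * shell metacharacters such as ; | & $ ` and whitespace. */
bool path_is_safe(const char *path)
{
    if (!path || path[0] != '/' || strlen(path) > 255)
        return false;
    if (strstr(path, ".."))              /* no directory traversal */
        return false;
    for (const char *c = path; *c; c++)
        if (!isalnum((unsigned char)*c) && !strchr("/._-", *c))
            return false;
    return true;
}

/* Check 2: CSRF defence. Origin (or Referer) must name exactly the host the
 * request was sent to; a missing header fails closed. Case-sensitive match. */
bool same_origin(const char *host, const char *origin)
{
    if (!host || !*host || !origin)
        return false;
    const char *p = strstr(origin, "://");
    if (!p)
        return false;
    p += 3;
    size_t n = strlen(host);
    return strncmp(p, host, n) == 0 && (p[n] == '\0' || p[n] == '/');
}

/* Both checks must pass. A value that passes should still be handed to a
 * helper as an argv element (execve), never pasted into a shell string. */
bool request_allowed(const char *path, const char *host, const char *origin)
{
    return path_is_safe(path) && same_origin(host, origin);
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    printf("%d\n", request_allowed("/info.htm", "192.168.1.1", "http://192.168.1.1/index.htm"));
    printf("%d\n", request_allowed("/info.htm;x", "192.168.1.1", "http://other.example.test/"));
    return 0;
}
```

Neither check removes the underlying exposure of a web server running as root; they narrow what a request can carry and where it can come from.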