Date: 18 August 2009
Related Files:
ASB-2009.1025
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2009.1025.2
DD-WRT Root Compromise Vulnerability
18 August 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: DD-WRT
Operating System: Network Appliance
Impact/Access: Root Compromise -- Remote/Unauthenticated
CVE Names: CVE-2008-6974 CVE-2008-6975
Member content until: Saturday, August 22 2009
Revision History: August 18 2009: Added CVE References
July 23 2009: Initial Release
OVERVIEW
A vulnerability has been reported in the httpd server for the
DD-WRT management GUI.
"DD-WRT is a Linux based alternative OpenSource firmware suitable
for a great variety of WLAN routers and embedded systems." [1]
IMPACT
Successful exploitation of this vulnerablity will allow a remote
attacker to execute code on the device with root privleges. [2]
Exploit code has been made public.
For a device to be vulnerable it must have the remote Web GUI
management enabled.
For users who are unsure whether their device is running the
vulnerable software, a module has been made available for the
metasploit framework. [3]
MITIGATION
The vendor has released new builds of the firmware correcting
this vulnerability. They are available for download from the
vendor's website. [4]
Alternatively this vulnerability can be mitigated by either
disabling the DD-WRT management GUI or applying a firewall
rule the vendor has provided at their website. [2]
REFERENCES
[1] DD-WRT :: About the project
http://www.dd-wrt.com/dd-wrtv3/dd-wrt/about.html
[2] DD-WRT httpd vulnerability
http://www.dd-wrt.com/dd-wrtv3/index.php
[3] Changeset 6852 - Metasploit
http://trac.metasploit.com/changeset/6852
[4] DD-WRT Downloads
http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Feko%2FBrainSlayer-V24-preSP2%2F07-21-09-r12533/
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKihmtNVH5XJJInbgRAomJAJ0bzfaiCwtVUbPADTBdbK42kxCUXwCeMnlB
hlMoVlSq9bcWjjiykYLpDYo=
=QWr6
-----END PGP SIGNATURE-----
|