[Wien] VULN] Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption
L. Aaron Kaplan
(spam-protected)
Tue Sep 3 20:07:09 CEST 2013
This might be of interest to some people here. There are a few Mikrotiks in our network.
Begin forwarded message:
>
> http://www.exploit-db.com/exploits/28056/
>
> Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption
>
> During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified
> to have a remote previous to authentication heap corruption in its sshd
> component.
>
> Exploitation of this vulnerability will allow full access to the router
> device.
>
> This analysis describes the bug and includes a way to get developer
> access to recent versions of Mikrotik RouterOS
> using the /etc/devel-login file. This is done by forging a modified NPK
> file using a correct signature and logging
> into the device with username ‘devel’ and the password of the
> administrator. This will drop into a busybox shell for
> further researching the sshd vulnerability using gdb and strace tools
> that have been compiled for the Mikrotik busybox
> platform.
>
> Shodanhq.com shows >290.000 entries for the ROSSSH search term.
>
> The 50 megs Mikrotik package including all the research items can be
> downloaded here:
>
> http://www.farlight.org/mikropackage.zip
> http://www.exploit-db.com/sploits/28056.zip