Âíèìàíèå! Áåçîïàñíîñòü Linux-based MIPSel ðîóòåðîâ!

**hairpin** · 02-02-2013, 18:41

Originally Posted by AlexeyS

Ó íàñ óæå äàâíî miniupnpd âìåñòî íåå.

Íå îäíà libupnp óÿçâèìà, miniupnp 1.0 òîæå
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
http://web.nvd.nist.gov/view/vuln/de...=CVE-2013-0230
ß ïðîâåðèë íà ñâîåì RT-N16: íà çàâîäñêîé ïðîøèâêå 3.0.0.4.260 ñ âêëþ÷åííûì UPnP äëÿ òåñòà Rapid7 îêàçàëñÿ íåóÿçâèì.
Ïî äàííûì Rapid7: "332 products use MiniUPnPd version 1.0, which is remotely exploitable. Over 69% of all MiniUPnPd fingerprints were version 1.0 or older."

**AlexeyS** · 02-02-2013, 20:00

ß òîæå ïðîâåðèë ñâîé wl500gp ñ ìåñòíîé ïðîøèâêîé, âåðäèêò - íå óÿçâèì. Òàê ÷òî áåñïîêîèòüñÿ íå î ÷åì.

**Omega** · 07-02-2013, 12:44

Êðèòè÷åñêàÿ óÿçâèìîñòü âî ìíîãèõ ðîóòåðàõ ðàçëè÷íûõ âåíäîðîâ

Êàê ñîîáùàëîñü ðàíåå, êîìïàíèÿ DefenseCode îáíàðóæèëà óÿçâèìîñòü íóëåâîãî äíÿ â ðîóòåðàõ Cisco Linksys.
Ïðåäñòàâèòåëè êîìïàíèè îïîâåñòèëè âåíäîðà è âçÿëè òàéì-àóò íà ïàðó íåäåëü ïåðåä ðàñêðûòèåì äåòàëåé óÿçâèìîñòè.
Âðåìÿ âûøëî, íåêîòîðûå ïîäðîáíîñòè áûëè ðàñêðûòû è îêàçàëîñü, ÷òî íå òîëüêî Cisco Linksys óÿçâèìà.
Âîò òîëüêî ÷àñòü âåíäîðîâ, ãäå ïðèñóòñòâóåò óÿçâèìîñòü:

Asus
Broadcom
Cisco
D-Link
Netgear
TP-Link
Zyxel
US Robotics

Ðå÷ü èä¸ò î ñðàçó íåñêîëüêèõ óÿçâèìîñòÿõ, êîòîðûå êðîþòñÿ â ðÿäå ðåàëèçàöèé ïðîòîêîëà UPnP è SSDP
(îñíîâàííûå íà Intel/Portable UPnP SDK è MiniUPnP SDK):

1. CVE-2012-5958
2. CVE-2012-5959
3. CVE-2012-5960
4. CVE-2012-5961
5. CVE-2012-5962
6. CVE-2012-5963
7. CVE-2012-5964
8. CVE-2012-5965
9. CVE-2013-0229
10. CVE-2013-0230

Óÿçâèìîñòè ïîçâîëÿþò âûçâàòü îòêàç â îáñëóæèâàíèè èëè âûïîëíèòü ïðîèçâîëüíûé êîä íà óñòðîéñòâå áåç àâòîðèçàöèè. À ò.ê. ìíîãèå
ðîóòåðû âçàèìîäåéñòâóþò ñ UPnP ÷åðåç WAN, ýòî äåëàåò èõ óÿçâèìûìè íå òîëüêî ê àòàêå èç ëîêàëüíîé ñåòè, íî è èç óäàë¸ííûõ ñåòåé.

Ò.å. ïðàêòè÷åñêè ñ ëþáîãî êîìïüþòåðà Èíòåðíåòà. Óÿçâèìûìè ìîãóò îêàçàòüñÿ íå òîëüêî ðîóòåðû, íî âîîáùå ëþáîå îáîðóäîâàíèå,
èñïîëüçóþùåå UPnP: ïðèíòåðû, ìåäèà-ñåðâåðû, IP-êàìåðû, NAS, smart TV è ò.ä. Ò.å. ðå÷ü èä¸ò î ìèëëèîíàõ óñòðîéñòâ!

http://habrahabr.ru/post/168613/

http://habrahabr.ru/post/165737/

**AndreyUA** · 07-02-2013, 13:41

Ïðîâåðèë ïîñëåäíþþ áåòà îô ïðîøèâó íà rt15u. Óÿçâèìîñòü åñòü. Äóìàþ, ÷òî ýòà æå óÿçâèìîñòü áóäåò íà âñåõ rtn,âåäü sdk îäèí è òîò æå .
http://upnp-check.rapid7.com/

**Vampik** · 07-02-2013, 14:45

×òî ýòî çà áðåä.

1) Ó êàêèõ-òî âåíäîðîâ â ïðîøèâêå îòêðûò UPnP ÷åðåç WAN? Ýòî êðèòè÷åñêàÿ ïðîáëåìà, ñ èõ øòàòíûìè ïðîãðàììèñòàìè.
2) Óÿçâèìîñòè ïîäâåðæåíû ñòàðûå âåðñèè ÏÎ, â ÷àñòíîñòè îòíîñèòåëüíî òîãî æå miniupnpd - âåðñèè 1.0-1.3 (ó íàñ 1.7.20120824). Ýòî îïÿòü æå ïðîáëåìà âåíäîðîâ.

Íàøåé ïðîøèâêè íå êàñàåòñÿ

**Ant-125** · 07-02-2013, 15:49

Name: Universal Plug and Play Check by Rapid7.htm_20130207183816.png
Views: 2002
Size: 59.5 KB

Âðîäå íîðìàëüíî WL500gP.v1 1.9.2.7-rtn-r4772

**Vampik** · 07-02-2013, 17:30

report WAN address è äîñòóï èç WAN - äâå ðàçíûå âåùè. Êñòàòè, ýòîò ïåðåêëþ÷àòåëü (WAN/MAN) íè÷åãî íå äåëàåò, íàäî åãî óáðàòü èç ïðîøèâêè.

**Ant-125** · 07-02-2013, 18:03

À ÷åêáîêñ "Enable access from WAN" òîãäà ê ÷åìó îòíîñèòñÿ? Îí âðîäå íàõîäèòñÿ íà ñòðî÷êå "Multicast to HTTP Proxy"...

**Vampik** · 07-02-2013, 18:24

Originally Posted by Ant-125

À ÷åêáîêñ "Enable access from WAN" òîãäà ê ÷åìó îòíîñèòñÿ? Îí âðîäå íàõîäèòñÿ íà ñòðî÷êå "Multicast to HTTP Proxy"...

Îòíîñèòñÿ ê udpxy.

**IrWert** · 08-02-2013, 03:51

http://habrahabr.ru/post/168613/
Îíî íàñ íå êàñàåòñÿ?

**Vampik** · 08-02-2013, 06:28

Originally Posted by IrWert

http://habrahabr.ru/post/168613/
Îíî íàñ íå êàñàåòñÿ?

http://wl500g.info/showthread.php?19...142#post258142
http://habrahabr.ru/post/168613/#comment_5838187

**AlexeyS** · 08-02-2013, 07:16

Originally Posted by Vampik

report WAN address è äîñòóï èç WAN - äâå ðàçíûå âåùè. Êñòàòè, ýòîò ïåðåêëþ÷àòåëü (WAN/MAN) íè÷åãî íå äåëàåò, íàäî åãî óáðàòü èç ïðîøèâêè.

Âîîáùå-òî îí ïðåäíàçíà÷åí äëÿ ñëó÷àåâ ñ dual-access, êîãäà ðîëü WAN âûïîëíÿåò èíòåðôåéñ ppp, man - ôèçè÷åñêèé èíòåðôåéñ. Íå íàäî åãî óäàëÿòü!

**KOCTET** · 08-02-2013, 08:20

Originally Posted by Vampik

http://habrahabr.ru/post/168613/#comment_5838187

Ïëàêàë íà ýòèì ïîñòîì

Íó è ñîáñòâåííî â âèäåî ïîêàçûâàþùåå ýòó óÿçâèìîñòü àòàêà íà ðîóòåð ïî÷åìó òî áûëà èç ëàí ñåòè, ò.å. ðîóòåð îíè ëîìàëè ïî àäðåñó 192.168.1.1

**Vampik** · 08-02-2013, 08:23

Originally Posted by AlexeyS

Âîîáùå-òî îí ïðåäíàçíà÷åí äëÿ ñëó÷àåâ ñ dual-access, êîãäà ðîëü WAN âûïîëíÿåò èíòåðôåéñ ppp, man - ôèçè÷åñêèé èíòåðôåéñ. Íå íàäî åãî óäàëÿòü!

Ïîñìîòðèòå â êîä - âûáîð Report MAN address èëè Report WAN address äëÿ UPnP îñòàëñÿ â ïðîøèâêå ñî âðåìåí Asus UPnPd è ñåé÷àñ íå äåëàåò í-è-÷-å-ã-î.

**AndreyUA** · 09-02-2013, 22:39

Originally Posted by Vampik

×òî ýòî çà áðåä.

1) Ó êàêèõ-òî âåíäîðîâ â ïðîøèâêå îòêðûò UPnP ÷åðåç WAN? Ýòî êðèòè÷åñêàÿ ïðîáëåìà, ñ èõ øòàòíûìè ïðîãðàììèñòàìè.
2) Óÿçâèìîñòè ïîäâåðæåíû ñòàðûå âåðñèè ÏÎ, â ÷àñòíîñòè îòíîñèòåëüíî òîãî æå miniupnpd - âåðñèè 1.0-1.3 (ó íàñ 1.7.20120824). Ýòî îïÿòü æå ïðîáëåìà âåíäîðîâ.

Íàøåé ïðîøèâêè íå êàñàåòñÿ

Ïîä rt-n èìåë ââèäó âñå àñóñîâñêèå ïðîøèâêè.

Thread: Âíèìàíèå! Áåçîïàñíîñòü Linux-based MIPSel ðîóòåðîâ!

Thread Tools

Rate This Thread

Display

Similar Threads

Oscam für Mipsel Router

Áåçîïàñíîñòü SSH (dropbear)

warning: mipsel botnet worm targets routers and dsl modems

New 1.0.4.6 based custom firmware

Recompiling with mipsel

Tags for this Thread

Posting Permissions