LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Syndicated Linux News (http://www.linuxquestions.org/questions/syndicated-linux-news-67/)
-   -   LXer: Root vulnerability in DD-WRT free router firmware (http://www.linuxquestions.org/questions/syndicated-linux-news-67/lxer-root-vulnerability-in-dd-wrt-free-router-firmware-742153/)

LXer 07-23-2009 01:00 AM

LXer: Root vulnerability in DD-WRT free router firmware
 
Published at LXer:

The management interface of the current stable version of DD-WRT, the free router firmware, suffers a vulnerability that lets attackers run programs with root rights on the router. The vulnerability, described at milw0rm and in the DD-WRT forum, is caused by inadequate handling of meta-characters in the query string in DD-WRT's httpd web server. The server will then run programs even when no session is running.

Read More...


All times are GMT -5. The time now is 01:27 AM.