| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0DE973120EDCC24185BA1E6D916502AE70BEA669@DAG-EX10.ad.checkpoint.com> Date: Thu, 18 Dec 2014 14:00:13 +0000 From: Shahar Tal <shahartal@...ckpoint.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] The Misfortune Cookie Vulnerability Hey there, Recently our group has uncovered a serious vuln in RomPager - the most popular web server in the world, found in millions of embedded devices (mostly residential gateways / SOHO routers), which unfortunately allows gaining admin access to the router from the WAN (port 80 access not required! 7547 works like a charm). This is not the "rom-0" vulnerability revealed earlier this year. In fact, it's about an order of magnitude worse - IPv4 scans show at least 12 million readily exploitable endpoints. Shodan it yourself later. We call it "Misfortune Cookie" over the affected vulnerable HTTP cookie parsing module, but MITRE insists on CVE-2014-9222 (CVSS score, for those of you keeping count, is 9.7). See http://mis.fortunecook.ie for the rest. Cheers, Shahar Tal Malware & Vulnerability Research AAAAAAAAAAAAAAAA\0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Check Point Software Technologies | * +972-3-753-4536 | M +972-545-888887 | * shahartal@...ckpoint.com<mailto:shahartal@...ckpoint.com> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists