lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPwK=tgMVnbVF+Vqci7aq-x9pyU_ac9eGeduuSe+JGtOkWoNZA@mail.gmail.com> Date: Tue, 14 Apr 2020 18:29:35 +0800 From: Q C <cq674350529@...il.com> To: fulldisclosure@...lists.org Subject: Re: [FD] Two vulnerabilities found in MikroTik's RouterOS [Update 2020/04/14] The latest stable release tree 6.46.5 still suffers from these two vulnerabilities. Details ======= Product: MikroTik's RouterOS Affected Versions: through 6.46.5 (stable release tree) Fixed Versions: - Vendor URL: https://mikrotik.com/ Vendor Status: not fix yet CVE: - Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team Poc ======= The following pocs are based on the tool routeros ( https://github.com/tenable/routeros) 1) memory corruption in console process WinboxMessage msg; msg.set_to(48, 4); msg.set_command(0xfe0005); msg.add_u32(0xfe000c, -1); msg.add_u32(9, 9); 2) assertion failure in console process WinboxMessage msg; msg.set_to(48, 4); msg.set_command(0xfe0005); msg.add_u32(0xfe0001, 0); Disclosure timeline ======= 2019/08/23 reported the 2nd issue to the vendor 2019/08/26 reported the 1st issue to the vendor 2019/08/28 vendor reproduced the 1st issue and will fix it as soon as possible 2019/08/30 vendor reproduced the 2nd issue and will fix it as soon as possible 2019/12/02 notified the vendor the 1st issue still exists in version 6.44.6 (2nd issue fixed) 2020/01/06 no response from the vendor, and did the initial disclosure 2020/04/14 re-tested these two issues against the stable 6.46.5, and updated the disclosure Q C <cq674350529@...il.com> 于2020年1月6日周一 下午7:32写道: > Advisory: two vulnerabilities found in MikroTik's RouterOS > > > Details > ======= > > Product: MikroTik's RouterOS > Affected Versions: before 6.44.6 (Long-term release tree) > Fixed Versions: 6.44.6 (Long-term release tree) > Vendor URL: https://mikrotik.com/ > Vendor Status: fixed version released > CVE: - > Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team > > > Product Description > ================== > > RouterOS is the operating system used on the MikroTik's devices, such as > switch, router and access point. > > > Description of vulnerabilities > ========================== > > These two vulnerabilities were tested only against the MikroTik RouterOS > long-term release tree when found. Maybe other release trees also suffer > from these issues. > > 1. The console process suffers from a memory corruption issue. > An authenticated remote user can crash the console process due to a NULL > pointer reference by sending a crafted packet. > > 2. The console process suffers from an assertion failure issue. There is a > reachable assertion in the console process. An authenticated remote user > can crash the console process duo to assertion failure by sending a crafted > packet. > > Solution > ======== > > Upgrade to the corresponding latest RouterOS tree version. > > > References > ========== > > [1] https://mikrotik.com/download/changelogs/long-term-release-tree > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists