Gaping Hole in DD-WRT: Router Software with Back Door
The free router software DD-WRT opens in its version 24(SP1) a huge door due to a vulnerability in its HTTP daemon server.
The problem with the DD-WRT router software is the httpd process doesn't sufficiently test user input and, therefore, is vulnerable to cross-site request forgery (CSRF) attacks.
Takeover of the systems requires only a shell-created crafted link that brings the user to a posting that does the damage without even needing an authenticated session. SecurityFocus has the serious bug still listed as unresolved. The DD-WRT forum meanwhile points to bug fixes for the large number of router models affected.
Issue 39: Getting Started with Linux – /Special Editions
Buy this issue as a PDF
News
-
Microsoft Brings procmon to Linux
The creators of Windows have brought the sysinternals procmon tool to the open source operating system.
-
New KDE Slimbook Available
The makers of the KDE Slimbook have released a Ryzen-4000 powered laptop.
-
PinePhone Now Offers a Convergence Package
The makers of the Linux PinePhone are now offering a model that makes desktop/mobile convergence a reality.
-
Flutter is Coming to Linux
Google and Canonical have joined forces to bring Flutter to the Linux desktop.
-
Purism Launches a Mini PC
The makers of the Librem line of Linux-based laptops have released a mini PC.
-
openSUSE Leap 15.2 Adds AI Machine Learning
With the new release of openSUSE Leap comes some exciting new features, including machine learning.
-
Google’s Nearby Sharing Could Work with Linux
Google’s answer to Apple’s AirDrop feature is rumored to work with the Linux desktop.
-
System76 Launches Ryzen-Powered Laptop
The new System76 Serval WS includes a powerful AMD Ryzen CPU.
-
Linux Mint Drops Snap
Linux Mint has officially dropped their support for Canonical’s snap packages.
-
Lenovo Upping Their Linux Support
Lenovo is now offering full certification and Linux preinstalled hardware.