MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
server
Recherche

A vulnerability in the OpenWrt attended sysupgrade server

lundi 9 décembre 2024, 15:48 , par LWN.net
The OpenWrt project has issued an
advisory regarding a vulnerability found in its Attended Sysupgrade
Server that could allow compromised packages to be installed on a router by
an attacker. No official OpenWrt images were affected, and the
vulnerability is not known to be exploited, but users who have installed
images created with an instance of this server are recommended to
reinstall.

For a detailed description of how the exploit works, see this
blog post.

Then, as the hash collision occurred, the server returns the
overwritten build artifact to the legitimate request that requests
the following packages.

By abusing this, an attacker could force the user to upgrade to the
malicious firmware, which could lead to the compromise of the
device.
Lire la suite sur LWN.net
https://lwn.net/Articles/1001441/

Voir aussi

server Apple reportedly building AI server processor with help from Broadcom TheRegister12 Dec
vulnerability Microsoft delays final Exchange Server 2019 Cumulative Update to 2025 TheRegister10 Dec
openwrt OpenWrt orders router firmware updates after supply chain attack scare TheRegister 9 Dec
could Linux Preps for Kunpeng ARM Server SoC With High Bandwidth Memory Slashdot 6 Dec
sysupgrade 0patch uncovers a security vulnerability in all versions of Windows -- and releases free fixes BetaNews 6 Dec
attended IHOP server fired after 13 years service for buying pancakes for hungry person BoingBoing 3 Dec
packages Oh, good. Supermicro board probe clears server slinger of misconduct claims TheRegister 2 Dec
images Open source router firmware project OpenWrt ships its own entirely repairable hardware TheRegister 2 Dec
installed OpenWRT One Released: First Router Designed Specifically For OpenWrt Slashdot 1 Dec
attacker WordPress Anti-Spam Plugin Vulnerability Exposes 200,000 Sites to RCE Attacks Slashdot30 Nov
server The OpenWrt One router is now shipping LWN.net30 Nov
vulnerability Microsoft patches the patch that broke Exchange Server TheRegister28 Nov
openwrt How much will the RTX 5090 cost? This $50K server gives clues PC World27 Nov
could Google Vertex AI Vulnerability Exposes Customer Data — What You Need to Know eWeek27 Nov
sysupgrade Techie left 'For support, contact me' sign on a server. Twenty years later, someone did TheRegister22 Nov
attended Angular 19 bolsters server-side rendering with incremental hydration InfoWorld22 Nov
packages 'Alarming' security bugs lay low in Ubuntu Server utility for 10 years TheRegister21 Nov
images Microsoft Flight Simulator 2024 has launch day woes and server problems PC World20 Nov
installed [$] Book review: Run Your Own Mail Server LWN.net19 Nov
attacker Database warhorse SQL Server 2025 goes all-in on AI TheRegister19 Nov
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 12 déc. - 07:33 CET