o:wireless-boun...@wispa.org] On Behalf
Of Josh Luthman
Sent: Tuesday, September 03, 2013 12:59 PM
To: WISPA General List
Subject: Re: [WISPA] Fwd: Mikrotik RouterOS 5.* and 6.* sshd remote preauth
heap corruption
http://www.mikrotik.com/download/routeros-ALL-6.3.torrent
Josh Luthman
Office: 937-552-2
boun...@wispa.org] *On
> Behalf Of *Ben West
> *Sent:* Tuesday, September 03, 2013 10:26 AM
> *To:* WISPA General List
> *Subject:* Re: [WISPA] Fwd: Mikrotik RouterOS 5.* and 6.* sshd remote
> preauth heap corruption
>
> ** **
>
> Quoting Mikrotik's resp
Quoting Mikrotik's response (indicating it is more of a DOS risk than auth
bypass)"
http://forum.mikrotik.com/viewtopic.php?f=2&t=76310
"We have researched the exploitation claim in first post of the topic.
We can find no basis for this claim "Exploitation of this vulnerability
will allow full a
If I'm reading this correctly, an npk file is forged with the
/etc/devel-login file, then the install iso is modified to include the
forged npk.
Is this correct?
So you'd have to install this modified iso?
On Tue, Sep 3, 2013 at 10:38 AM, Ben West wrote:
> I haven't had a chance yet to verify
I haven't had a chance yet to verify whether this affects any of the
RouterOS v5.25 boxes I've deployed, but forwarding along FYI ...
-- Forwarded message --
From: king cope
Date: Mon, Sep 2, 2013 at 9:45 AM
Subject: [Full-disclosure] Mikrotik RouterOS 5.* and 6.* sshd remote
prea