http://www.mikrotik.com/download/routeros-ALL-6.3.torrent


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


On Tue, Sep 3, 2013 at 2:16 PM, Bryce Duchcherer <bduc...@netago.ca> wrote:

> I noticed today when I was upgrading one of my routers that 6.3 is now
> out, but haven’t got the announcement from Mikrotik yet and it does not
> show up under the downloads on MikroTik’s Website.
>
> I attached a screenshot of the changelog.
>
> *From:* wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] *On
> Behalf Of *Ben West
> *Sent:* Tuesday, September 03, 2013 10:26 AM
> *To:* WISPA General List
> *Subject:* Re: [WISPA] Fwd: Mikrotik RouterOS 5.* and 6.* sshd remote
> preauth heap corruption
>
> Quoting Mikrotik's response (indicating it is more of a DOS risk than auth
> bypass):
>
> http://forum.mikrotik.com/viewtopic.php?f=2&t=76310
>
> "We have researched the exploitation claim in first post of the topic.
>
> We can find no basis for this claim "Exploitation of this vulnerability
> will allow full access to the router device." Following these instructions
> will NOT allow access/control of the router and will NOT allow further
> efforts to enable access/control of the router.
>
> By following the instruction for the first "sshd heap corruption", the
> sshd service of the router will exit and will not restart. This is a denial
> of service as only a reboot of the router will make the ssh remote
> management service available again.
>
> The second method that causes a crash of the sshd program also provides a
> denial of service as the sshd does not restart and the router requires a
> reboot to have sshd available. It does not allow or make it possible for
> further efforts to gain access/control of the router."
>
> On Tue, Sep 3, 2013 at 11:18 AM, Micah Miller <mi...@nbson.com> wrote:
>
> If I'm reading this correctly, an npk file is forged with the
> /etc/devel-login file, then the install iso is modified to include the
> forged npk.
>
> Is this correct?
>
> So you'd have to install this modified iso?
>
> On Tue, Sep 3, 2013 at 10:38 AM, Ben West <b...@gowasabi.net> wrote:
>
> I haven't had a chance yet to verify whether this affects any of the
> RouterOS v5.25 boxes I've deployed, but forwarding along FYI ...
>
> ---------- Forwarded message ----------
> From: *king cope* <isowarez.isowarez.isowa...@googlemail.com>
> Date: Mon, Sep 2, 2013 at 9:45 AM
> Subject: [Full-disclosure] Mikrotik RouterOS 5.* and 6.* sshd remote
> preauth heap corruption
> To: full-disclos...@lists.grok.org.uk, bugt...@securityfocus.com,
> submissi...@packetstormsecurity.com
>
>
> Hello lists,
>
> here you find the analysis of a vulnerability I recently discovered.
>
> Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption
>
>
> http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/
>
> Additionally it includes a way to drop into a development shell for
> recent Mikrotik RouterOS versions.
>
> Cheers :>
>
> Kingcope
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> Ben West
> http://gowasabi.net
> b...@gowasabi.net
> 314-246-9434
>
> _______________________________________________
> Wireless mailing list
> Wireless@wispa.org
> http://lists.wispa.org/mailman/listinfo/wireless
>
> --
> Micah Miller
> Network/Server Administrator
> Network Business Systems, Inc.
> Phone: 309-944-8823