[WLANware] NAT Slipstreaming (CVE-2020-28041)

Martin Weinelt martin at darmstadt.freifunk.net
Wed Nov 4 03:46:13 CET 2020


I don't feel that is the complete takeaway from the explanation over at 
https://github.com/samyk/slipstream#summary.

Therein the high-level explanation uses the nf_conntrack_sip ALG as far 
as I understand it.

So it seems unlikely that we would be out of the woods.


Martin

On 04.11.20 02:24, Daniel Golle wrote:
> We've discussed this on the IRC channel on the same day, see
> https://freenode.irclog.whitequark.org/openwrt-devel/2020-11-02#28272739
> 
> Summary:
> The attack is based on a proprietary kernel module which is not
> included in official OpenWrt (Linux 2.6.36.4brcmarm+, offending
> module is called tdts.ko).
> Any recent version of OpenWrt is fine as even if other similarly
> vulnerable nat-extra modules were installed, they would not be
> assigned automatically.
> 
> Nobody should still be using EOL'ed OpenWrt with Kernel as old as
> 4.7 (that'd be LEDE 17.01 running Linux 4.4, OpenWrt 18.06 is running
> a mix of 4.9 and 4.14, depending on the target). So in case you
> haven't updated your router in 3 years, please do so now if you want
> to make sure your users don't accidentally open ports by visiting a
> malicious website. To the best of my knowledge you would still not
> be affected, as vanilla Linux' NAT helpers are always only snooping
> on specific ports and would not be triggered by something happening
> on port 80. But to be sure, update to at least OpenWrt 18.06.
> 
> If you are using proprietary firmware on your gateway running
> Linux 2.6, well, you most likely got some more problems....
> 
> 
> On Wed, Nov 04, 2020 at 12:30:30AM +0100, Saverio Proto wrote:
>> Hello,
>>
>> I apologize for cross posting.
>>
>> on 31.10.2020 this new attack was released:
>> https://github.com/samyk/slipstream
>>
>> I am not 100% sure OpenWrt is vulnerable. It is also hard to say because
>> the Kernel Version depends on the OpenWrt target.
>>
>> What are common values for:
>> $ uname -a
>> and
>> $ cat /proc/sys/net/netfilter/nf_conntrack_helper
>>
>> ?
>>
>> I tried to propose this PR, but I am not sure it is the correct way to
>> patch OpenWrt to fix this.
>>
>> https://github.com/openwrt/openwrt/pull/3564
>>
>> Is anyone else working on this?
>>
>> my 2 cents
>>
>> thanks
>>
>> Saverio
>> _______________________________________________
>> WLANware mailing list
>> WLANware at freifunk.net
>> Unsubscribe? -> https://lists.freifunk.net/mailman/listinfo/wlanware-freifunk.net
>>
>> More information on the freifunk.net mailing lists and on subscribing and unsubscribing at http://freifunk.net/mailinglisten

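As an added example, not code from the thread or from OpenWrt: a small POSIX shell check that turns the two points the replies rest on into something a gateway operator can run. It covers Saverio's question about /proc/sys/net/netfilter/nf_conntrack_helper (0 means the in-tree conntrack helpers attach only through an explicit "-j CT --helper" rule and are never auto-assigned by port, the kernel default since Linux 4.7) and Daniel's naming of tdts.ko as the offending proprietary module. The lsmod excerpt is constructed, and the verdict labels and the list of helper module names are my own choices, not anything from the thread.

```sh
#!/bin/sh
# Added example, not code from the thread or from OpenWrt. It checks the two
# facts the replies turn on:
#   1. /proc/sys/net/netfilter/nf_conntrack_helper: 0 means in-tree conntrack
#      helpers (nf_conntrack_sip, nf_conntrack_ftp, ...) attach only through an
#      explicit "-j CT --helper" rule, never by destination port. This has
#      been the kernel default since Linux 4.7.
#   2. which helper modules are loaded at all, including the proprietary
#      tdts module that Daniel's summary names as the offending one.

# Classify the sysctl value: prints "off", "on" or "unknown".
helper_autoassign() {
    case "$1" in
        0) echo off ;;      # helpers only where a CT rule pins them
        1) echo on ;;       # every loaded helper snoops its own port(s)
        *) echo unknown ;;
    esac
}

# Read lsmod-style text on stdin; print the loaded in-tree NAT/conntrack
# helpers and the out-of-tree tdts module, one name per line.
# The helper-name list is an assumption covering the common in-tree modules.
loaded_helpers() {
    awk '$1 ~ /^nf_(conntrack|nat)_(amanda|ftp|h323|irc|pptp|sane|sip|snmp|tftp)$/ || $1 == "tdts" { print $1 }'
}

# Verdict for one host. $1 = sysctl value, stdin = lsmod output.
#   clean    no helper module loaded
#   pinned   helpers loaded, but only attached by explicit CT rules
#   exposed  helpers loaded and auto-assigned by port, or tdts present
#            (the sysctl says nothing about an out-of-tree module)
assess() {
    helpers=$(loaded_helpers)
    mode=$(helper_autoassign "$1")
    if [ -z "$helpers" ]; then
        echo clean
    elif printf '%s\n' "$helpers" | grep -qx tdts; then
        echo exposed
    elif [ "$mode" = off ]; then
        echo pinned
    else
        echo exposed
    fi
}

# Constructed lsmod excerpt for the demonstration, not captured from a router.
SAMPLE_LSMOD='Module                  Size  Used by
nf_nat_sip             20480  0
nf_conntrack_sip       32768  1 nf_nat_sip
nf_nat_ftp             16384  0
nf_conntrack_ftp       20480  1 nf_nat_ftp
nf_conntrack          143360  4 nf_nat_sip,nf_conntrack_sip,nf_nat_ftp,nf_conntrack_ftp'

echo "sample host, nf_conntrack_helper=1: $(printf '%s\n' "$SAMPLE_LSMOD" | assess 1)"
echo "sample host, nf_conntrack_helper=0: $(printf '%s\n' "$SAMPLE_LSMOD" | assess 0)"

# Same check against the machine this runs on, only where the inputs exist.
if [ -r /proc/sys/net/netfilter/nf_conntrack_helper ] && command -v lsmod >/dev/null 2>&1; then
    v=$(cat /proc/sys/net/netfilter/nf_conntrack_helper)
    echo "this host: $(uname -r), nf_conntrack_helper=$v -> $(lsmod | assess "$v")"
fi
```

On a router the live section at the end is the part that matters: a "pinned" verdict means helper modules are present but, as Daniel describes, will not be attached to a connection unless a firewall rule asks for them; "exposed" is the state worth fixing, either by disabling helper auto-assignment or by unloading the helper modules that are not needed.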