|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2020-04-01 15:06:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
OpenWRT code-execution bug puts millions of devices at risk (Ars Technica)
Ars Technica reports
on the recently disclosed OpenWrt package verification vulnerability. The
headline may be a bit overwrought, though. "These code-execution
exploits are limited in their scope because adversaries must either be in a
position to conduct a man-in-the-middle attack or tamper with the DNS
server that a device uses to find the update on the Internet. That means
routers on a network that has no malicious users and using a legitimate DNS
server are safe from attack." It also assumes that people actually
update their routers, which seems unlikely in most cases in the real world.
Ars Technica reports
on the recently disclosed OpenWrt package verification vulnerability. The
headline may be a bit overwrought, though. "These code-execution
exploits are limited in their scope because adversaries must either be in a
position to conduct a man-in-the-middle attack or tamper with the DNS
server that a device uses to find the update on the Internet. That means
routers on a network that has no malicious users and using a legitimate DNS
server are safe from attack." It also assumes that people actually
update their routers, which seems unlikely in most cases in the real world.
