[WLANware] NAT Slipstreaming (CVE-2020-28041)

Zur Gruppenliste Beantworten 
Betreff: [WLANware] NAT Slipstreaming (CVE-2020-28041)
Von: zioproto@gmail.com (Saverio Proto)
Gruppen: freifunk.de.wlanware
Organisation: Newsserver Weimarnetz e. V.
Datum: 04. Nov 2020, 00:30:30
Hello,

I apologize for cross posting.

on 31.10.2020 this new attack was released:
https://github.com/samyk/slipstream

I am not 100% OpenWrt is vulnerable. It is also hard to say because
the Kernel Version depends on the OpenWrt target.

What are common values for:
$ uname -a
and
$ cat /proc/sys/net/netfilter/nf_conntrack_helper

?

I tried to propose this PR, but I am not sure it is the correct way to
patch OpenWrt to fix this.

https://github.com/openwrt/openwrt/pull/3564

is anyone else working on this ?

my 2 cents

thanks

Saverio


Datum Thema  Autor
04.11. o [WLANware] NAT Slipstreaming (CVE-2020-28041)Saverio Proto

"News-Portal" was written by Florian Amrhein.