Re: [WLANware] NAT Slipstreaming (CVE-2020-28041)Von: firstname.lastname@example.org
Newsserver Weimarnetz e. V.
04. Nov 2020, 02:24:14
We've discussed this on the IRC channel on the same day, see
The attack is based on a proprietary kernel module which is not
included in official OpenWrt (Linux 18.104.22.168brcmarm+, offending
module is called tdts.ko).
Any recent version of OpenWrt is fine as even if other similarly
vulnerable nat-extra modules were installed, they would not be
Nobody should still be using EOL'ed OpenWrt with Kernel as old as
4.7 (that'd be LEDE 17.01 running Linux 4.4, OpenWrt 18.06 is running
a mix of 4.9 and 4.14, depending on the target). So in case you
haven't updated your router in 3 years, please do so now if you want
to make sure your users to accidentally open ports by visiting a
malicious website. To the best of my knowledge you would still not
be affected, as vanilla Linux' NAT helpers are always only snooping
on specific ports and would not be triggered by something happening
on port 80. But to be sure, update to at least OpenWrt 18.06.
If you are using proprietary firmware on your gateway running
Linux 2.6, well, you most likely got some more problems....
On Wed, Nov 04, 2020 at 12:30:30AM +0100, Saverio Proto wrote:
I apologize for cross posting.
on 31.10.2020 this new attack was released:
I am not 100% OpenWrt is vulnerable. It is also hard to say because
the Kernel Version depends on the OpenWrt target.
What are common values for:
$ uname -a
$ cat /proc/sys/net/netfilter/nf_conntrack_helper
I tried to propose this PR, but I am not sure it is the correct way to
patch OpenWrt to fix this.
is anyone else working on this ?
my 2 cents
WLANware mailing list
Abonnement abbestellen? -> https://lists.freifunk.net/mailman/listinfo/wlanware-freifunk.net
Weitere Infos zu den freifunk.net Mailinglisten und zur An- und Abmeldung unter http://freifunk.net/mailinglisten