I have run OpenVAS on my broadband router that runs on latest 2.97 and it has reported the following vulnerabilities.
- Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability - CVE-2009-4490, CVE-2009-4491
- BrowseGate HTTP headers overflows - CVE-2000-0908
Cannot judge what some can do by exploiting those, however is there a way to close those? Any services I can switch off?
Regards,
George
2.97 Firmware vulnerabilities
Re: 2.97 Firmware vulnerabilities
Interesting, but the web gui is only http and not secure so you shouldn't expose it to the big bad internet, and probably worse things can happen if you have a hacker inside your LAN!
You don't actually need the web gui in normal operation so there is an option not to run the http server; it can always be loaded manually from ssh - see the FAQ section on memory optimisation
firmware-faq/#optimise
Re: 2.97 Firmware vulnerabilities
True and thanks.
Using stop_httpd and re-running OpenVAS gives a nil vulnerability response from the internal network.
Not sure what software the children are downloading nowadays so better to lock from inside too.
So I am happy to start/stop the http from shell prompt.