[HamWAN PSDR] RouterOS 6.45.1
Darcy Buskermolen
darcyb at gmail.com
Thu Jul 4 04:36:16 PDT 2019
There are a number (6) of remotely executable vulnerabilities addressed in this
release.

MAJOR CHANGES IN v6.45.1:
----------------------

CVE-2018-1157 memory exhaustion vulnerability. An authenticated remote
attacker can crash the HTTP server and in some circumstances reboot the
system via a crafted HTTP POST request.

CVE-2018-1158 stack exhaustion vulnerability. An authenticated remote
attacker can crash the HTTP server via recursive parsing of JSON.

CVE-2019-11477 integer overflow in the Linux kernel when handling TCP
Selective Acknowledgments (SACKs)

CVE-2019-11478 TCP retransmission queue implementation in tcp_fragment in
the Linux kernel could be fragmented when handling certain TCP Selective
Acknowledgment (SACK) sequences.

CVE-2019-11479 remote peer to fragment TCP resend queues

CVE-2019-13074 vulnerability in the FTP daemon could allow remote
attackers to exhaust all available memory, causing the device to reboot
because of uncontrolled resource management.

Like always, it's recommended to keep your devices up to date. Instructions
for updating can be found at
https://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS