You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is no restriction on the path of the system log file(logread),which lead to overwritten important file,such as /etc/passwd. if /etc/passwd was overwritened,it will cause a denial of service. when a router was infected, The only way to fix is flash firmware.
In the background, function [[https://github.com/openwrt/openwrt/blob/fd28ef59db92da245debf207892fad8e1a0d9e45/package/system/ubox/files/log.init#L44|External Linkstart_service_file ]]will deal the system logging request and use logread` to save log in specified file.
delikely:
There is no restriction on the path of the system log file(logread),which lead to overwritten important file,such as /etc/passwd. if /etc/passwd was overwritened,it will cause a denial of service. when a router was infected, The only way to fix is flash firmware.
In the background, function [[https://github.com/openwrt/openwrt/blob/fd28ef59db92da245debf207892fad8e1a0d9e45/package/system/ubox/files/log.init#L44|External Linkstart_service_file ]]will deal the system logging request and use logread` to save log in specified file.
PROG=/sbin/logread
In System -> logging page,System log buffer sizeset to 1KiB ,Write system log to file set to /etc/passwd. At the end , clicking "Save & Apply" button.
{{https://github.com/delikely/Arbitrary-File-Creation-in-OpenWrt/raw/master/images/set%20logging%20parameter.png}}
In order to produce some log to overwriten /etc/passwd , it need to reboot OpenWrt (the fasest way ) or wait a monent.
Denial of service: the LuCi web page display "Dad Gateway". the same time , the internet was offline.
{{http://github.com/delikely/Arbitrary-File-Creation-in-OpenWrt/blob/master/images/result%20DOS.png}}
The text was updated successfully, but these errors were encountered: