1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Remote Root Exploit Found in DD-WRT -- How About Tomato?

Discussion in 'Tomato Firmware' started by GreenThumb, Jul 22, 2009.

  1. GreenThumb

    GreenThumb Addicted to LI Member

    There is a new remote root exploit that affects the latest builds of DD-WRT. Apparently, the router can be pwned (rooted) by merely visiting a malicious website.

    I think it is rather concerning that the HTTP daemon runs as root. At any rate, does this exploit affect Tomato as well?
  2. thor2002ro

    thor2002ro Addicted to LI Member

    no it is not...
  3. bogderpirat

    bogderpirat Network Guru Member

    jon - praise his highness, our lord and savior - implemented an anti-xss safeguard back in tomato 1.14. now of course, with an intricate setup you can fool an ignorant tomato user into granting an attacker control, but this said tomato user would have to be _really_ naive, or dimly witted.
  4. GreenThumb

    GreenThumb Addicted to LI Member

    Jon, can you confirm Tomato's immunity to this exploit?
  5. mstombs

    mstombs Network Guru Member

    Tomato has already been patched some time ago to cope with a potential cross-site scripting vulnerability it inherited from Linksys.

    I don't think there is much in common between Tomato and dd-wrt in the web interface. I have seen other routers using "cgi-bin" in their web page addresses though...

    This exploit is very embarassing for dd-wrt, it is very similar to the orginal "ping hack" which allowed hackers into the early WRT54G Linux routers - and the rest we know is history!
  6. GreenThumb

    GreenThumb Addicted to LI Member

    Is the reason the source forge downloads are not working because many people are dumping DD-WRT and downloading Tomato at the same time? Or is there an issue with the source forge servers?
  7. mstombs

    mstombs Network Guru Member

    a) What is wrong with sf downloads - they are working fine for me
    b) dd-wrt is quite different to Tomato, has many more different flavours - concerned users more likely just to loada patched version
    c) There was an issue during the move from polarcloud to sf - but that was yonks ago!
  8. Kiwi8

    Kiwi8 LI Guru Member

    This is indeed very embarrassing for DD-WRT. To think they even had the cheek to offer paid DD-WRT firmware.
  9. Incidentflux

    Incidentflux Addicted to LI Member

    Well DD-WRT is the most popular third party routing firmware, so this is expected. As Tomato firmware gets even more popular it'll become a fat target as well. Only reason I found about Tomato firmware was because I'd heard of DD-WRT first.

    The DD-WRT guys are better organized, single site to grab all versions, wikis, support forums etc.

    Unlike Tomato firmware, which is distributed in a very fragmented manner. If all mods were in one place perhaps, Google code or Sourceforge etc. Development would be so much easier, hardware support base, beta testers would also expand as well.

    However the price of fame would be exploits.
  10. krassyo

    krassyo Addicted to LI Member

    No. It is not the price of fame, but a price of bad software design.
  11. phuque99

    phuque99 LI Guru Member

    Why is this thread degenerating into a flame-dd-wrt thread? seems strange that tomato users seems to wanna sling mud at dd-wrt when there's none coming from the other way or other firmwares for that matter.

Share This Page