Full Disclosure mailing list archives
The Misfortune Cookie Vulnerability
From: Shahar Tal <shahartal () checkpoint com>
Date: Thu, 18 Dec 2014 14:00:13 +0000
Hey there, Recently our group has uncovered a serious vuln in RomPager - the most popular web server in the world, found in millions of embedded devices (mostly residential gateways / SOHO routers), which unfortunately allows gaining admin access to the router from the WAN (port 80 access not required! 7547 works like a charm). This is not the "rom-0" vulnerability revealed earlier this year. In fact, it's about an order of magnitude worse - IPv4 scans show at least 12 million readily exploitable endpoints. Shodan it yourself later. We call it "Misfortune Cookie" over the affected vulnerable HTTP cookie parsing module, but MITRE insists on CVE-2014-9222 (CVSS score, for those of you keeping count, is 9.7). See http://mis.fortunecook.ie for the rest. Cheers, Shahar Tal Malware & Vulnerability Research AAAAAAAAAAAAAAAA\0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Check Point Software Technologies | * +972-3-753-4536 | M +972-545-888887 | * shahartal () checkpoint com<mailto:shahartal () checkpoint com> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- The Misfortune Cookie Vulnerability Shahar Tal (Dec 18)
- Re: The Misfortune Cookie Vulnerability Michal Zalewski (Dec 18)
- Re: The Misfortune Cookie Vulnerability Sandro Gauci (Dec 22)
- Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
- Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
- Re: The Misfortune Cookie Vulnerability Jon Hart (Dec 23)
- Re: The Misfortune Cookie Vulnerability Sandro Gauci (Dec 22)
- Re: The Misfortune Cookie Vulnerability Gynvael Coldwind (Dec 22)
- Re: The Misfortune Cookie Vulnerability Michal Zalewski (Dec 18)