[sf-lug] Monday meeting and Bobbie Sellers' news

Daniel Gimpelevich daniel at gimpelevich.san-francisco.ca.us
Sun Apr 15 23:59:59 PDT 2018


On Sun, 2018-04-15 at 22:59 -0700, Rick Moen wrote:
> The Netgear DG834G default preload is a Linux distro, right?

Yep, running a 2.4 kernel, at least for the v2, with an endless list of
unpatched CVE's, especially _outside_ the kernel. There would be a
somewhat shorter, but not short enough, list with OpenWrt 10.03, which
had a slightly less ancient kernel, also not enough, because the version
number is the release date, now eight years and one month behind us.

As for the SUID thing: That preload ran everything as root anyway,
including telnetd. Methinks Cloudflare did a good thing in this case.




More information about the sf-lug mailing list