Hi there,
is Gargoyle vulnerable, and if so, will there be patched versions available?
https://www.bleepingcomputer.com/news/s ... o-decades/
Regards
Ektus.
SSH username enumeration bug CVE-2018-15473
Moderator: Moderators
Re: SSH username enumeration bug CVE-2018-15473
Gargoyle uses dropbear by default rather than OpenSSH.
so, no.
If users have replaced dropbear themselves, they may be vulnerable.
Anyone exposing the SSH port to the WAN is also doing themselves a disservice.
By default, SSH is not allowed from WAN.
so, no.
If users have replaced dropbear themselves, they may be vulnerable.
Anyone exposing the SSH port to the WAN is also doing themselves a disservice.
By default, SSH is not allowed from WAN.
Routers: Various ar71xx/mvebu/x86-64
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Re: SSH username enumeration bug CVE-2018-15473
Addendum to my last post.
Yes gargoyle is likely affected by a different (but related) CVE
https://security-tracker.debian.org/tra ... 2018-15599
which DOES affect Dropbear.
It will be patched before 1.11.0. Backporting security fixes for 1.10.x is not likely in my opinion.
Yes gargoyle is likely affected by a different (but related) CVE
https://security-tracker.debian.org/tra ... 2018-15599
which DOES affect Dropbear.
It will be patched before 1.11.0. Backporting security fixes for 1.10.x is not likely in my opinion.
Routers: Various ar71xx/mvebu/x86-64
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Return to “Gargoyle Development”
Who is online
Users browsing this forum: No registered users and 6 guests