MikroTik RouterOS 5.x < 5.26 / 6.x < 6.3 sshd Unspecified Remote Heap Corruption

medium Nessus Plugin ID 70942

Synopsis

The remote networking device is affected by a heap corruption vulnerability.

Description

According to its self-reported version, the remote networking device is running a version of MikroTik RouterOS 5.x before 5.26 or 6.x before 6.3.
It is therefore reportedly affected by a heap corruption vulnerability in its sshd component that an unauthenticated, remote attacker can leverage to crash the SSH service.

Solution

Upgrade to MikroTik RouterOS 5.26 / 6.3 or later.

See Also

http://www.nessus.org/u?38c2e68b

https://www.securityfocus.com/archive/1/528394/30/0/threaded

https://forum.mikrotik.com/viewtopic.php?p=384465#p384465

http://www.mikrotik.com/download/CHANGELOG_5

http://www.mikrotik.com/download/CHANGELOG_6

Plugin Details

Severity: Medium

ID: 70942

File Name: mikrotik_6_3.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 11/18/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:mikrotik:routeros

Required KB Items: MikroTik/RouterOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/3/2013

Vulnerability Publication Date: 9/2/2013

Reference Information

BID: 62110