Heartbleed wrt54GS

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
Andreasx
DD-WRT Novice


Joined: 26 Jul 2014
Posts: 16

PostPosted: Sat Jul 26, 2014 23:59    Post subject: Heartbleed wrt54GS Reply with quote
Hey,
I started using DD-WRT in 2005 (v23 beta 2).

I've got some Linksys Routers:
WRT54GS v1.1
WRT54GS v4
WRT54GL v1.0
WRT54GL v1.1

The latest Firmware on Database provided is:
Build 14896

On the Website http://www.dd-wrt.com/wiki/index.php/Supported_Devices#Linksys_.28Wireless_a.2Fb.2Fg.29 there are different Information.
I read a lot in the Forum and got more different versions.

I have only one simple Question:
Which is the last working Version without Heartbleed and known security- issues?
Sponsor
crashfly
DD-WRT Guru


Joined: 24 Feb 2009
Posts: 2026
Location: Sol System > Earth > USA > Arkansas

PostPosted: Sun Jul 27, 2014 0:04    Post subject: Reply with quote
None of the DD-WRT versions actually have the "Heartbleed" problem. (As far as I know.) The reasoning behind that is that DD-WRT has versions long time prior to the "Heartbleed" option even being implemented.
_________________
E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]

Try Dropbox for syncing files - get 2.5gb online for free by signing up.

Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
Andreasx
DD-WRT Novice


Joined: 26 Jul 2014
Posts: 16

PostPosted: Sun Jul 27, 2014 0:24    Post subject: Reply with quote
OK, I found this fix in SVN: http://svn.dd-wrt.com/changeset/23882
thats the reason I am asking...
crashfly
DD-WRT Guru


Joined: 24 Feb 2009
Posts: 2026
Location: Sol System > Earth > USA > Arkansas

PostPosted: Sun Jul 27, 2014 15:44    Post subject: Reply with quote
It seems I may have misunderstood what the developer <Kong> had previously wrote elsewhere on this board. Maybe the following will help you more.

<Kong> wrote:
xantarios wrote:
All,

You all may have heard of the massive Heartbleed bug that was disclosed that affects many versions of OpenSSL.

I use DD-WRT VPN, I would like to know how to do the following:

1. List of DD-WRT versions that are affected
2. How to find version of OpenSSL my version of DD-WRT is running
3. Links to builds for all router models to update to in order to no longer be affected.

Thanks!


http://www.dd-wrt.com/phpBB2/viewtopic.php?t=260167


EDIT: I think I found the post I was previously referring to:
<Kong> wrote:
obilan wrote:
I have been trying to figure out whether the recent openSSL bug affects build 14929 but I could not find the answer on google or by browsing through the directories on the router.

I use openVPN on a WRT54GL.


Not affected as it uses the old openssl lib without heartbeat support.


Here is another one which might be useful:
<Kong> wrote:
marbon wrote:
Hi everybody,

i succesfully flashed dd-wrt.v24-23919_NEWD-2_K3.x_mega-e3000.bin on my E3000.

I want to use the openvpn server on the router but i am a little bit confused about heartbleed vulnerability.
I read in different posts that 23919 should not be vulnerable against the heartbleed bug but the command "openvpn --version" says openvpn server version 2.3.2 is included which is vulnerable for heartbleed.

I also could not checked the installed version of openssl because command openssl is not found and i could not find a lib from openssl everywhere.

So is the included version of openvpn vulnerable or not?

Cheers,
marbon


You are mixing things up only 2.3.2 is vuklerable on windows, since it ships the older openssl version on linux/dd-wrt etc. it uses the shipped openssl version.
Latest builds come with fixed openssl.



I hope the above information helps.

_________________
E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]

Try Dropbox for syncing files - get 2.5gb online for free by signing up.

Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
Andreasx
DD-WRT Novice


Joined: 26 Jul 2014
Posts: 16

PostPosted: Thu Jul 31, 2014 19:26    Post subject: Reply with quote
Hey,

thank you,

It helps me to decide to use OpenVPN on an external machine.

at the moment I hang on finding the latest working version for my router, but thats another topic.
Andreasx
DD-WRT Novice


Joined: 26 Jul 2014
Posts: 16

PostPosted: Mon Aug 04, 2014 21:54    Post subject: Reply with quote
Hearbleed Infos:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=260167
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum