lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <61A19F7D153E3D4299A9E58FBB924DD66E5787@EXCHANGE1.concordia.edu>
Date: Fri, 28 Mar 2003 08:41:05 -0600
From: Rick Koenig <rk4028@...hange.concordia.edu>
To: 'Thomas Reinke' <reinke@...oftinc.com>
Subject: RE: D-Link DI-614 wiresless router crash/reboots


Thomas,

I have a DI-614+ that I use at home and I have noticed a significant number
spontaneous reboots lately.  A few weeks ago, I installed the beta firmware
of Dlink's website thinking that that would solve the issue but that did not
work either.  I have not run any scanner on my device just every now and
then my wireless pcmcia card will lose connectivity. I even swapped out the
card thinking that that was the cause but that did not take care of it.  I
will try to run the scans you mentioned to reproduce the problem.

Please let me know if you discover anything else and hopefully we can get
D-link to acknowledge the vulnerability and come up with a solution.

I look forward to hearing from you.

Thanks,
Rick     

Rick Koenig, CCNA, CCAI
Network Engineer
Concordia University @ Austin
(Office) 512.486.1170
(Cell) 512.771.6570
(Fax) 512.302.5856
 koenigr@...cordia.edu


-----Original Message-----
From: Thomas Reinke [mailto:reinke@...oftinc.com] 
Sent: Wednesday, March 26, 2003 4:46 PM
To: bugtraq@...urityfocus.com
Subject: D-Link DI-614 wiresless router crash/reboots

A user of ours has reported that the D-Link DI-614+
Wireless router/firewall is vulnerable to several old,
well known vulnerablities.  The user was able to reproduce
the problem multiple times with consistent results.  Not
having the equipment, we have NOT reproduced these ourselves,
and would appreciate if anyone can corroborate these
problems.

The vendor was notified on March 13th and has not responded
back.

Both tests causing problems were reproduced using the Nessus
test suite. Test IDs are Nessus test ID numbers and are
supplied for reference.

Nestea:  A Nestea attack applied to the device causes the
     device to spontaneously reboot. The device is out of
     operation for only a few seconds and is then back in
     service with no other known impact.
     Ref: http://www.securityspace.com/smysecure/catid.html?id=10148

Linux 0 length fragment bug: Sending the appropriate packet
     causes the device to crash requiring a power off-on cycle
     to recover.
     Ref: http://www.securityspace.com/smysecure/catid.html?id=10134

If anyone can support that their device does or does not behave
similarly it would be appreciated.

Thomas
--
SecuritySpace
http://www.securityspace.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ