lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030728164822.11145.qmail@www.securityfocus.com>
Date: 28 Jul 2003 16:48:22 -0000
From: zitouni "réda" <reda.zitouni@...ilante.com>
To: bugtraq@...urityfocus.com
Subject: Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability




VIGILANTe Security Watch Advisory

Name: Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability
Systems Affected: Tested on a Cisco Aironet AP1100 Model 1120B Series 
Wireless device.
Firmware version 12.2(4)JA and earlier.
Severity: High Risk
Vendor URL: http://www.vigilante.com
Authors: Reda Zitouni (reda.zitouni@...ilante.com)
Date: 28th July 2003
Advisory Code: VIGILANTE-2003001

Description
***********
Cisco Aironet 1100 Series Access Point is a device manufactured by Cisco 
Systems offering a WLAN solution based on the 802.11b Wifi standard.
The Arionet Bridge is vulnerable to a denial of service.This can be 
exploited remotely by an attacker. No user login or password is necessary.

Details
*******

It is possible to cause Cisco Aironet Access Point to crash and reboot if 
the HTTP server feature is enabled. This can be accomplished by 
submitting a specially crafted request to the web server. There is no 
need to authenticate to perform this attack, only access to the web 
server is required. The Aironet bridge reboots upon receiving the request 
and failing to handle correctly this one. Afterwards, no further access 
to the WLAN or its services is possible.

Vendor status:
**************
Cisco was contacted June 19, 2003 and answered the same day. 5 days 
later, they told us that they would release a patch soon. The patch was 
finally released July 3, 2003.

Vulnerability Assessment:
A test case to detect this vulnerability was added to SecureScan NX in 
the upgrade package of July 28, 2003. You can see the documentation of 
this test case 17655 on SecureScan NX web site at 
http://securescannx.vigilante.com/tc/17655 . 
Fix:  A firmware upgrading the Aironet IOS version to c1100-k9w7 has been 
released by Cisco. Please note that this version fixes some other bugs as 
TC 15438 (refer to release note).

Workaround:
***********
1. If not needed - disable access to the web feature on the Aironet 
Bridge. 
2. If needed - restrict access to the HTTP service for outside 
connections.
CVE: Common Vulnerabilities and Exposures group ( reachable at 
http://cve.mitre.org/ ) was contacted and assigned CAN-2003-0511 to this 
vulnerability. 

Links:
*****
Cisco Advisory:	        http://www.cisco.com/warp/public/707/cisco-sa-
20030728-ap1x00.shtml
Vigilante Advisory: 
	http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-
2003001.htm
Product Homepage: 	http://www.cisco.com/warp/public/cc/pd/witc/ps4570
CVE: CAN-2003-0511 	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
CAN-2003-0511


Credit:
******
This vulnerability was discovered by Reda Zitouni, member of our Security 
Watch Team at VIGILANTe. 
We wish to thank Cisco PSIRT Team for their fast answer to fix this 
problem. 

Copyright VIGILANTe.com, Inc. 2003-07-28

Disclaimer:
**********
The information within this document may change without notice. Use of 
this information constitutes acceptance for use in an AS IS condition. 
There are NO warranties with regard to this information. In no event 
shall the author be liable for any consequences whatsoever arising out of 
or in connection with the use or spread of this information. Any use of 
this information lays within the user's responsibility.

Feedback:
********
Please send suggestions, updates, and comments to 
securitywatch@...ilante.com.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ