lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0310150321320.4915-100000@mail>
Date: Wed, 15 Oct 2003 03:24:26 -0500 (CDT)
From: DigitalPranksters <secteam@...italpranksters.com>
To: bugtraq@...urityfocus.com
Subject: LinkSys EtherFast Router Denial of Service Attack


DigitalPranksters Security Advisory
http://www.DigitalPranksters.com

LinkSys EtherFast Router Denial of Service Attack

Risk: Low

Product: Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 
1.44.3)

Product URL: http://www.linksys.com/products/product.asp?prid=433

Vendor Contacted: September 9, 2003

Vendor Released Patch: September 26, 2003

DigitalPranksters Public Advisory Released: October 7, 2003

Found By: KrazySnake - krazysnake@...italpranksters.com

Problem:
The Linksys BEFSX41 has web-based administration utility at a predictable 
default address (http://192.168.1.1). The administration is done through a 
series of html forms using the "get" method. The router also has an out of 
the box password of "admin".

Under the default configuration the router is only accessible from the 
local lan and not the internet. However, an attacker could set up a web 
page or send html email to someone inside of the lan to indirectly send 
commands to the router.

An attacker could specify a URL that results in denial of service. The 
denial of service occurs when long string is sent to the System Log 
Viewer's "Log_Page_Num" parameter. The router will be unresponsive after 
the URL is visited when logging is enabled.

Proof of Concept:
If an attacker can get the admin of the router to view a URL like 
http://192.168.1.1/Group.cgi?Log_Page_Num=1111111111&LogClear=0, the 
router will become inoperable. The link could be set as the source of an 
image html tag.

Resolution:
Linksys released an updated firmware to address this issue. This firmware 
update is made available by Linksys from 
http://www.linksys.com/download/firmware.asp?fwid=172.

Greetings:
SkippyInside, AngryB, Harmo, HTMLBCat, and Spyder.
Thanks to Linksys for fixing this issue.

Disclaimer:
Standard disclaimer applies. The opinions expressed in this advisory are 
our own and not of any company. The information within this advisory may 
change without notice. Use of this information constitutes acceptance for 
use in an AS IS condition. There are no warranties with regard to this 
information. In no event shall the author be liable for any damages 
whatsoever arising out of or in connection with the use or spread of this 
information. Any use of this information is at the user's own risk.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ