lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061211120627.28152.qmail@securityfocus.com>
Date: 11 Dec 2006 12:06:27 -0000
From: poplix@...uasia.org
To: bugtraq@...urityfocus.com
Subject: D-LINK DWL-2000AP+ remote DoS

D-LINK DWL-2000AP+ with firmware version 2.11 is prone to two remote denial of service vulnerability because it fails to handle arp flooding. 
The first vuln causes the wireless link (802.11) to be resetted and the arp table to be rebuilded. All clients connected to the AP are disconnected.
This bug can be triggered by sending lots of arp replies through the wired link or the radio one at a very high speed.
The second vulnerability affects the wireless link only and are quite harder to trigger but causes the AP firmware to crash making a manual reboot mandatory.
This bug can be triggered only if no other D-LINK ethernet products are visible to AP, if wep encryption is enabled and it needs a very large amount of arp-requests to be broadcasted through its wireless link at a very high speed. 
This exploit works in the 90% of cases because sometimes the AP is able to ban the flooding client before the exploiting process is complete.
D-LINK doesn't support this product anymore so no solution is available.
Other products can be vulnerable.

Not vulnerable: DWL-700AP


Proof-of-concept availale, 
it floods an ethernet device with arp-reply or arp-request
http://tripp.dynalias.org/arpflood.c

cheers

-poplix

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ