lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 16 Jun 2009 12:42:06 +0200
From: Hanno Böck <hanno@...eck.de>
To: full-disclosure@...ts.grok.org.uk
Cc: "Tom Neaves" <tom@...neaves.co.uk>, bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability

Am Montag 15 Juni 2009 schrieb Tom Neaves:
> Within the "/cgi-bin/" directory of the administrative web interface exists
> a
> file called "firmwarecfg".  This file is used for firmware upgrades.  A
> HTTP POST
> request for this file causes the web server to hang.  The web server will
> stop
> responding to requests and the administrative interface will become
> inaccessible
> until the router is physically restarted.
>
> While the router will still continue to function at the network level, i.e.
> it will
> still respond to ICMP echo requests and issue leases via DHCP, an
> administrator will
> no longer be able to interact with the administrative web interface.
>
> This attack can be carried out internally within the network, or over the
> Internet
> if the administrator has enabled the "Remote Management" feature on the
> router.

Don't have such a device for tests, but isn't it possible to exploit this 
remotely through CSRF even without "Remote Management" option?
(i.e. put some javascript on a webpage sending a post request to the default 
ip of the router?)

-- 
Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de
http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher
http://tinyurl.com/dceu73 - Internetzensur stoppen!

http://schokokeks.org - professional webhosting

Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists