| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031204081944.GA30021@sentinelchicken.org> From: tim-security at sentinelchicken.org (Tim) Subject: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability] If you have one of these pieces of hardware, and you are worried about the holes in it, why not just patch/replace the binaries yourself: http://www.batbox.org/wrt54g-linux.html It took a while for Linksys to release their GPL-ed source, but they finally gave in to the community (and copyright law). Now there is a distro for it and the product has a good deal more utility. tim On Thu, Dec 04, 2003 at 01:41:54AM -0500, Jonathan A. Zdziarski wrote: > In a lot of cases, this would only be exploitable internally, since many > configurations are set up not to allow access to the unit externally. > But in any case, there are a lot of other ways to DoS these little > residential boxes. Running macof (part of the dsniff package) will > effectively shut down all traffic on the network. I'm sure arpspoof > without forwarding would do the same thing. I'm surprised these things > don't support something as basic as SSL for authentication (at least the > model I've got doesn't) > > On Wed, 2003-12-03 at 23:42, Michael Renzmann wrote: > > Can anyone confirm if technically identical devices such as the Buffalo > > WBR-G54 share this vulnerability? > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists