lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3FCED9C9.1070906@dylanic.de>
From: security at dylanic.de (Michael Renzmann)
Subject: [Fwd: Bugtraq: Linksys WRT54G Denial of	Service
 Vulnerability]

Hi.

Jonathan A. Zdziarski wrote:
> In a lot of cases, this would only be exploitable internally, since many
> configurations are set up not to allow access to the unit externally. 

What do you mean with "externally"? WLAN? Internet?
I don't know this particular device, but I know that lots of other 
Access Points that have a web interface regard any request from WLAN as 
being internal. If this is also the case for the WRT54G, the attack can 
be made from anyone who is in reach of the Access Point as described in 
the vulnerability report.

> But in any case, there are a lot of other ways to DoS these little
> residential boxes.  Running macof (part of the dsniff package) will
> effectively shut down all traffic on the network.  I'm sure arpspoof
> without forwarding would do the same thing.  I'm surprised these things
> don't support something as basic as SSL for authentication (at least the
> model I've got doesn't)

WRT54G is said to have an https? Or do you mean SSL for authentication 
of users before they can access anything on (or behind) the network the 
Access Point is attached to?

Bye, Mike

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ