lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200705032250.42161.timb@nth-dimension.org.uk>
Date: Thu, 3 May 2007 22:50:40 +0100
From: Tim Brown <timb@...-dimension.org.uk>
To: 3APA3A <3APA3A@...urity.nnov.ru>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	news@...uriteam.com
Subject: Re: Medium security hole affecting DSL-G624T

On Thursday 03 May 2007 22:13:15 3APA3A wrote:

> This  vulnerability  for  D-Link  DSL-G624T was already reported by Jose
> Ramon Palanco. See
>
> http://securityvulns.ru/Odocument816.html
>
> Previously, same problem was reported for D-Link DSL-G604T by Qex
>
> http://securityvulns.ru/Mdocument578.html
>
>
> There were also few more problems reported about /cgi-bin/webcm, see
>
> http://securityvulns.ru/Idocument664.html
> http://securityvulns.ru/Idocument759.html

I quite agree, the Summary of my attached advisory makes this point.  However, 
as I also point out in the Solutions section, all of the issues you list were 
against major version 1 of the firmware.  We're now at major version 3 and 
directory traversal is still a problem.  Moreover, the advisories that cover 
directory traversal (http://securityvulns.ru/Mdocument578.html and 
http://securityvulns.ru/Mdocument578.html) only talk about /etc/passwd.  
Neglecting the fact that the web server runs as root and that /etc/shadow is 
therefore available.

Secondly, the Javascript injection issue describe is as far as I 
know /entirely new/.  It's not a short walk to the point where these two 
issues alone could be use to compromise devices, irrespective of the firmware 
issues you also link to.

Maybe, I'm hoping that by version 10 of the firmware in the year 2014, D-Link 
may actually manage to fix some of these reported problems?  Moreover, maybe 
they'll actually make it possible for researchers to report these things in a 
manner whereby they actually respond to the reports when contacted.  Not 
holding my breath though.

Tim
-- 
Tim Brown
<mailto:timb@...-dimension.org.uk>
<http://www.nth-dimension.org.uk/>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ