Message-ID: <CF887C3DE628473D82311038504E1450@trinity>
Date: Mon, 15 Jun 2009 22:54:32 +0100
From: "Tom Neaves" <tom@...neaves.co.uk>
To: "Alaa El yazghi" <m.elyazghi@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Netgear DG632 Router Remote DoS Vulnerability

Hi.

I'm not quite sure of your question...

The DoS can be carried out remotely, however one mitigating factor (which makes it a low risk as opposed to sirens and alarms...) is that it's turned off by default - you have to explicitly enable it under "Remote Management" on the device if you want to access it/carry out the DoS over the Internet.  However, it is worth noting that anyone on your LAN can *remotely* carry out this attack regardless of this management feature being on/off.

I hope this clarifies it for you.

Tom
  ----- Original Message ----- 
  From: Alaa El yazghi 
  To: Tom Neaves 
  Cc: bugtraq@...urityfocus.com ; full-disclosure@...ts.grok.org.uk 
  Sent: Monday, June 15, 2009 10:45 PM
  Subject: Re: Netgear DG632 Router Remote DoS Vulnerability


  How can it be carried out remotely if it bugs locally?


  2009/6/15 Tom Neaves <tom@...neaves.co.uk>

    Product Name: Netgear DG632 Router
    Vendor: http://www.netgear.com
    Date: 15 June, 2009
    Author: tom@...neaves.co.uk <tom@...neaves.co.uk>
    Original URL: http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt
    Discovered: 18 November, 2006
    Disclosed: 15 June, 2009

    I. DESCRIPTION

    The Netgear DG632 router has a web interface which runs on port 80.  This
    allows an admin to login and administer the device's settings.  However,
    a Denial of Service (DoS) vulnerability exists that causes the web interface
    to crash and stop responding to further requests.

    II. DETAILS

    Within the "/cgi-bin/" directory of the administrative web interface exists a
    file called "firmwarecfg".  This file is used for firmware upgrades.  An HTTP POST
    request for this file causes the web server to hang.  The web server will stop
    responding to requests and the administrative interface will become inaccessible
    until the router is physically restarted.

    While the router will still continue to function at the network level, i.e. it will
    still respond to ICMP echo requests and issue leases via DHCP, an administrator will
    no longer be able to interact with the administrative web interface.

    This attack can be carried out internally within the network, or over the Internet
    if the administrator has enabled the "Remote Management" feature on the router.

    Affected Versions: Firmware V3.4.0_ap (others unknown)

    III. VENDOR RESPONSE

    12 June, 2009 - Contacted vendor.
    15 June, 2009 - Vendor responded.  Stated the DG632 is an end of life product and is no
    longer supported in a production and development sense, as such, there will be no further
    firmware releases to resolve this issue.

    IV. CREDIT

    Discovered by Tom Neaves 
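
A detection sketch for the request described in the advisory's "II. DETAILS" section, added here as an example and not part of the original posts. It assumes an HTTP-aware sensor or reverse proxy in front of the router's management interface that writes Common Log Format, and a LAN subnet of 192.168.0.0/24; the log lines are constructed.

```python
import ipaddress
import re

# Path and method named in the advisory.
TARGET_PATH = "/cgi-bin/firmwarecfg"
# Assumption: the router's LAN subnet. Adjust to the real network.
LAN_NET = ipaddress.ip_network("192.168.0.0/24")

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}|-) \S+'
)

def find_firmwarecfg_posts(lines):
    """Return one finding per POST to firmwarecfg, tagged by where it came from."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the path only, so an appended query string does not hide the hit.
        if m["target"].split("?", 1)[0] != TARGET_PATH:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            # A non-LAN source can only reach the interface if
            # "Remote Management" has been enabled on the device.
            origin = "lan" if src in LAN_NET else "wan"
        except ValueError:
            origin = "unknown"
        findings.append({"time": m["ts"], "src": m["src"],
                         "origin": origin, "status": m["status"]})
    return findings

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '192.168.0.10 - - [15/Jun/2009:21:40:02 +0100] "GET / HTTP/1.1" 200 512',
    '192.168.0.23 - - [15/Jun/2009:21:41:17 +0100] "POST /cgi-bin/firmwarecfg HTTP/1.1" 504 0',
    '203.0.113.7 - - [15/Jun/2009:21:52:40 +0100] "POST /cgi-bin/firmwarecfg?x=1 HTTP/1.0" - 0',
    '192.168.0.10 - - [15/Jun/2009:21:53:01 +0100] "POST /login HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for f in find_firmwarecfg_posts(SAMPLE_LOG):
        print(f"{f['time']}  POST {TARGET_PATH} from {f['src']} ({f['origin']})")
```

A "wan" finding also indicates that Remote Management is enabled, which the thread identifies as the condition for Internet exposure.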


