Message-Id: <463E8736-BDCE-4807-849C-441DEC4136CB@doxpara.com>
Date: Fri, 10 Feb 2012 13:11:07 -0500
From: Dan Kaminsky <dan@...para.com>
To: "farthvader@...h.ai" <farthvader@...h.ai>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Linksys Routers still Vulnerable to Wps vulnerability.

"Fixing a vulnerability like this with all the bureaucratic, QA and legal process wouldn't take no more than 2 weeks"

If bureaucratic, QA, and legal issues emerge, you can't even get the names of the people you need to speak to in less than 2 weeks, let alone schedule a conference call. Fixing? Heh.

Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either.

Sent from my iPhone

On Feb 10, 2012, at 2:40 AM, farthvader@...h.ai wrote:

> Don't buy Linksys Routers they are vulnerable to Wifi unProtected Setup Pin registrar Brute force attack.
> No patch or workaround exists at the making of this post.
> 
> Vulnerable list and alleged patch availability:
> source: http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154
> 
>  E1000      To Be Disclosed (aka we don't have idea)
>  E1000 v2      To Be Disclosed
>  E1000 v2.1      To Be Disclosed
>  E1200 v1     early March
>  E1200 v2     early March
>  E1500     early March
>  E1550     mid March
>  E2000     To Be Disclosed
>  E2100L     mid March
>  E2500     early March
>  E3000     To Be Disclosed 
>  E3200     early March
>  E4200 v1     early March
>  E4200 v2     To Be Disclosed
>  M10     To Be Disclosed
>  M20     To Be Disclosed
>  M20 v2     To Be Disclosed
>  RE1000     early March
>  WAG120N     To Be Disclosed
>  WAG160N     To Be Disclosed
>  WAG160N v2     To Be Disclosed
>  WAG310G     To Be Disclosed
>  WAG320N     To Be Disclosed
>  WAG54G2     To Be Disclosed
>  WAP610N     To Be Disclosed
>  WRT110     To Be Disclosed
>  WRT120N     To Be Disclosed
>  WRT160N v1     To Be Disclosed
>  WRT160N v2     To Be Disclosed
>  WRT160N v3     To Be Disclosed
>  WRT160NL     To Be Disclosed
>  WRT310N v1     To Be Disclosed
>  WRT310N v2     To Be Disclosed
>  WRT320N     To Be Disclosed
>  WRT400N     To Be Disclosed
>  WRT54G2 v1     To Be Disclosed
>  WRT54G2 v1.3     To Be Disclosed
>  WRT54G2 v1.5     To Be Disclosed
>  WRT54GS2 v1     To Be Disclosed
>  WRT610N v1     To Be Disclosed
>  WRT610N v2     To Be Disclosed
>  X2000     To Be Disclosed
>  X2000 v2     To Be Disclosed
>  X3000     To Be Disclosed
> 
> The question is why a big company like Cisco/Linksys hasn't released a patch in almost 1 month and a half?
> 
> Well, I have circumstantial evidence that Cisco outsources some of their Linksys firmware routers to other companies (Arcadyan, for example). In some cases source code is only available through NDAs or not available at all. That's why they are taking so long to release a fix to the WPS vulnerability. Fixing a vulnerability like this with all the bureaucratic, QA and legal process wouldn't take no more than 2 weeks. I found some GPL violations, by the way, but this is beyond the scope of this message (obfuscating firmware is useless, you know).
> 
> I apologize if I offended someone, but IT security is serious business, especially if someone uses your wifi to commit crimes.
> This vulnerability contains public and very easy to use exploit code, it's not a Denial of Service.
> 
> 
> Farth Vader.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
