Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[SNS Advisory No.59] Buffalo Wireless LAN Access Point Denial of Service Vulnerability (was Re: Buffalo AP Denial of Service)

From: snsadv () lac co jp
Date: Tue, 03 Dec 2002 13:13:39 +0900
We found the same vulnerabilty and reported to the vender on 9 Aug 2002.
Since the vender reported that this problem has been addressed, we have
decided to release this advisory after confirming the fix. 

---
On 13 Nov 2002 19:39:12 -0000
Andrei Mikhailovsky <andrei () arhont com> wrote:




Arhont Ltd.     - Information Security

Arhont Advisory by:             Andrei Mikhailovsky
(www.arhont.com)
Advisory:                       Buffalo AP 
AP Model Name:                  WLA-L11G Ver.2.31
Wireless Firmware:              WLI-PCM-L11G Ver.6.14
Model Specific:                 Other versions of
Buffalo APs might be vulnerable
Manufacturer site:              http://www.buffalotech.com
Manufacturer contact:           info () buffalotech com
Contact Date:                   25/10/2002


---

--------------------------------------------------------------------------
SNS Advisory No.59
Buffalo Wireless LAN Access Point Denial of Service Vulnerability

Problem first discovered: 9 Aug 2002
Published: 3 Dec 2002
http://www.lac.co.jp/security/english/snsadv_e/59_e.html
--------------------------------------------------------------------------

Overview:
---------
  A vulnerability was found in WLAR-L11G-L, a wireless access point from
  MELCO Inc., that causes a denial of service condition. Although this
  vulnerabilty was reported by Bugtraq on Nov. 13, 2002, we contacted the
  technical support of MELCO Inc. regarding this issue on August 9th and
  were waiting for a response. Since MELCO Inc. reported that this problem
  has been addressed, we have decided to release this advisory after
  confirming the fix. 

Problem Description:
--------------------
  WLAR-L11G-L contains a web server which is used to administer the access
  point. WLAR-L11G-L reboots whenever the web server receives a specific
  HTTP request. 
  For example, sending the following request by telnet client can reboot
  the access point.
    "GET / HTTP/1.0"

  By sending the request continuously, a remote attacker can cause a denial
  of service condition. The access point resumes normal operation when the
  attacker stops sending requests.

Solution:
---------
  This problem can be eliminated by updating the firmware to Ver 1.41.180
  beta3 or later.

    http://buffalo.melcoinc.co.jp/download/driver/lan/wlar-l11-l.html#2

Chronology of Events:
---------------------
   9 Aug 2002 : We discovered the vulnerability
   9 Aug 2002 : We reported the findings to MELCO Inc.
  16 Aug 2002 : MELCO Inc. sent a reply
  28 Oct 2002 : MELCO Inc. reported that this problem will be fixed late in
                November
  26 Nov 2002 : MELCO Inc. reported that this problem has been fixed by the
                fix of another problem

Discovered by:
--------------
  Atsushi Nishimura a.nisimr () lac co jp

Disclaimer:
-----------
  All information in these advisories are subject to change without any 
  advanced notices neither mutual consensus, and each of them is released 
  as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences 
  caused by applying those information.

------------------------------------------------------------------
SecureNet Service(SNS) Security Advisory <snsadv () lac co jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
Previous By Date Next
Previous By Thread Next

Current thread: