Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]

From: Tim <tim-security () sentinelchicken org>
Date: Thu, 4 Dec 2003 00:19:44 -0800
If you have one of these pieces of hardware, and you are worried about
the holes in it, why not just patch/replace the binaries yourself:

http://www.batbox.org/wrt54g-linux.html

It took a while for Linksys to release their GPL-ed source, but they
finally gave in to the community (and copyright law).  Now there is a
distro for it and the product has a good deal more utility.

tim


On Thu, Dec 04, 2003 at 01:41:54AM -0500, Jonathan A. Zdziarski wrote:

In a lot of cases, this would only be exploitable internally, since many
configurations are set up not to allow access to the unit externally. 
But in any case, there are a lot of other ways to DoS these little
residential boxes.  Running macof (part of the dsniff package) will
effectively shut down all traffic on the network.  I'm sure arpspoof
without forwarding would do the same thing.  I'm surprised these things
don't support something as basic as SSL for authentication (at least the
model I've got doesn't)

On Wed, 2003-12-03 at 23:42, Michael Renzmann wrote:

Can anyone confirm if technically identical devices such as the Buffalo 
WBR-G54 share this vulnerability?



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: